
Google redirect virus


  • This topic is locked
17 replies to this topic

#1 kvnb


Posted 27 August 2011 - 09:29 AM

I just posted a topic in another forum (http://www.bleepingcomputer.com/forums/topic416172.html/page__p__2386382#entry2386382) and was told to come here.

From my initial post:
"I've just noticed within the past day or two that seemingly at random, some of my Google results will redirect me to a strange ad or other website instead of the intended site. I'm running Windows 7 Home Premium (Version 6.1.7600 Build 7600) on a Dell Inspiron N5010 laptop. The problem seems to be affecting Firefox (I think version 3.6.20), but Internet Explorer seems fine. I have already run a few different malware scan programs (McAfee Security Center, Malwarebytes, Super Antispyware, and Hitman Pro 3.5) which caught some things, but do not seem to have helped the Google problem."

I was told to run TDSSKiller, which as far as I can tell proved ineffective.

I ran DDS, but I don't believe I am running a 32-bit version of Windows, so I did not run GMER.

I'd like to thank in advance anyone who can help! Anyway, here is the log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Kevin at 10:13:52 on 2011-08-27
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3895.2368 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.nytimes.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110514234213.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Kevin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 129.49.7.170
TCP: Interfaces\{30583A1B-844B-4A5A-B180-340E8008E736} : DhcpNameServer = 129.49.7.170
TCP: Interfaces\{30583A1B-844B-4A5A-B180-340E8008E736}\0516E64625E45647 : DhcpNameServer = 10.100.100.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{30583A1B-844B-4A5A-B180-340E8008E736}\2423E41573 : DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{30583A1B-844B-4A5A-B180-340E8008E736}\64C6576666973516E6377596275637 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{30583A1B-844B-4A5A-B180-340E8008E736}\75F6C6669656E45647D2745647D234F6E6E65636475646 : DhcpNameServer = 172.20.48.1
TCP: Interfaces\{30583A1B-844B-4A5A-B180-340E8008E736}\75F6C6669656E45647D27457563747 : DhcpNameServer = 172.20.24.1
TCP: Interfaces\{30583A1B-844B-4A5A-B180-340E8008E736}\75F6C6669656E45647D2F40756E6 : DhcpNameServer = 10.245.255.3
TCP: Interfaces\{30583A1B-844B-4A5A-B180-340E8008E736}\A457374796E6 : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110514234213.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\cfjbqc99.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Kevin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: XUL Cache: {e949881f-2ebb-465c-a939-a9458ad75c13} - %profile%\extensions\{e949881f-2ebb-465c-a939-a9458ad75c13}
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSP;avast! Self Protection;C:\windows\system32\drivers\aswSP.sys --> C:\windows\system32\drivers\aswSP.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2010-7-12 89600]
R2 aswFsBlk;aswFsBlk;C:\windows\system32\DRIVERS\aswFsBlk.sys --> C:\windows\system32\DRIVERS\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;C:\windows\system32\DRIVERS\aswMonFlt.sys --> C:\windows\system32\DRIVERS\aswMonFlt.sys [?]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-12 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-7-22 366640]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-7-31 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-7-31 355440]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-7-31 355440]
R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2010-7-12 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2010-7-12 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe [2010-7-12 149032]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-7-12 689472]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-12 2320920]
R3 BcmVWL;Broadcom Virtual Wireless;C:\windows\system32\DRIVERS\bcmvwl64.sys --> C:\windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 btusbflt;Bluetooth USB Filter;C:\windows\system32\drivers\btusbflt.sys --> C:\windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys --> C:\windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]
S2 AeLookupSvc32;Application Experience ;C:\ProgramData\msyuv32.exe --> C:\ProgramData\msyuv32.exe [?]
S2 AESTFilters32;Andrea ST Filters Service ;C:\ProgramData\webservices32.exe --> C:\ProgramData\webservices32.exe [?]
S2 ALG3232;Application Layer Gateway Service ;C:\ProgramData\KBDDIV132.exe --> C:\ProgramData\KBDDIV132.exe [?]
S2 ALG323232;Application Layer Gateway Service ;C:\ProgramData\TaskSchdPS32.exe --> C:\ProgramData\TaskSchdPS32.exe [?]
S2 AppIDSvc32;Application Identity ;C:\ProgramData\irclass32.exe --> C:\ProgramData\irclass32.exe [?]
S2 AppIDSvc3232;Application Identity ;C:\ProgramData\networkexplorer32.exe --> C:\ProgramData\networkexplorer32.exe [?]
S2 AppIDSvc323232;Application Identity ;C:\ProgramData\PortableDeviceStatus32.exe --> C:\ProgramData\PortableDeviceStatus32.exe [?]
S2 Appinfo32;Application Information ;C:\ProgramData\dnssdX32.exe --> C:\ProgramData\dnssdX32.exe [?]
S2 Appinfo3232;Application Information ;C:\ProgramData\catsrvut32.exe --> C:\ProgramData\catsrvut32.exe [?]
S2 Appinfo323232;Application Information ;C:\ProgramData\mprdim32.exe --> C:\ProgramData\mprdim32.exe [?]
S2 Appinfo32323232;Application Information ;C:\ProgramData\mprapi32.exe --> C:\ProgramData\mprapi32.exe [?]
S2 Apple Mobile Device32;Apple Mobile Device ;C:\ProgramData\NlsLexicons002032.exe --> C:\ProgramData\NlsLexicons002032.exe [?]
S2 Apple Mobile Device323232;Apple Mobile Device ;C:\ProgramData\RstrtMgr32.exe --> C:\ProgramData\RstrtMgr32.exe [?]
S2 Apple Mobile Device32323232;Apple Mobile Device ;C:\ProgramData\dskquoui32.exe --> C:\ProgramData\dskquoui32.exe [?]
S2 Apple Mobile Device3232323232;Apple Mobile Device ;C:\ProgramData\fdPnp32.exe --> C:\ProgramData\fdPnp32.exe [?]
S2 aswUpdSv32;avast! iAVS4 Control Service ;C:\ProgramData\imapi2fs32.exe --> C:\ProgramData\imapi2fs32.exe [?]
S2 aswUpdSv3232;avast! iAVS4 Control Service ;C:\ProgramData\NAPHLPR32.exe --> C:\ProgramData\NAPHLPR32.exe [?]
S2 AudioEndpointBuilder32;Windows Audio Endpoint Builder ;C:\ProgramData\msnetobj32.exe --> C:\ProgramData\msnetobj32.exe [?]
S2 AudioEndpointBuilder323232;Windows Audio Endpoint Builder ;C:\ProgramData\TSWorkspace32.exe --> C:\ProgramData\TSWorkspace32.exe [?]
S2 AudioEndpointBuilder3232323232;Windows Audio Endpoint Builder ;C:\ProgramData\KBDAZE32.exe --> C:\ProgramData\KBDAZE32.exe [?]
S2 AudioEndpointBuilder323232323232;Windows Audio Endpoint Builder ;C:\ProgramData\iassam32.exe --> C:\ProgramData\iassam32.exe [?]
S2 AudioSrv32;Windows Audio ;C:\ProgramData\iyuv_3232.exe --> C:\ProgramData\iyuv_3232.exe [?]
S2 AudioSrv323232;Windows Audio ;C:\ProgramData\nlsbres32.exe --> C:\ProgramData\nlsbres32.exe [?]
S2 AudioSrv32323232;Windows Audio ;C:\ProgramData\msexch4032.exe --> C:\ProgramData\msexch4032.exe [?]
S2 AudioSrv3232323232;Windows Audio ;C:\ProgramData\winsockhc32.exe --> C:\ProgramData\winsockhc32.exe [?]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast4\ashServ.exe [2010-8-27 147640]
S2 avast! Antivirus32;avast! Antivirus ;C:\ProgramData\KBDTUF32.exe --> C:\ProgramData\KBDTUF32.exe [?]
S2 avast! Antivirus3232;avast! Antivirus ;C:\ProgramData\KBDLA32.exe --> C:\ProgramData\KBDLA32.exe [?]
S2 avast! Antivirus323232;avast! Antivirus ;C:\ProgramData\wsecedit32.exe --> C:\ProgramData\wsecedit32.exe [?]
S2 avast! Antivirus32323232;avast! Antivirus ;C:\ProgramData\KBDYAK32.exe --> C:\ProgramData\KBDYAK32.exe [?]
S2 avast! Mail Scanner32;avast! Mail Scanner ;C:\ProgramData\api-ms-win-service-management-l1-1-032.exe --> C:\ProgramData\api-ms-win-service-management-l1-1-032.exe [?]
S2 avast! Web Scanner32;avast! Web Scanner ;C:\ProgramData\KBDINBE132.exe --> C:\ProgramData\KBDINBE132.exe [?]
S2 avast! Web Scanner3232;avast! Web Scanner ;C:\ProgramData\uniplat32.exe --> C:\ProgramData\uniplat32.exe [?]
S2 avast! Web Scanner323232;avast! Web Scanner ;C:\ProgramData\d3d1132.exe --> C:\ProgramData\d3d1132.exe [?]
S2 avast! Web Scanner323232323232;avast! Web Scanner ;C:\ProgramData\igd10umd3232.exe --> C:\ProgramData\igd10umd3232.exe [?]
S2 AxInstSV32;ActiveX Installer (AxInstSV) ;C:\ProgramData\KBDDIV232.exe --> C:\ProgramData\KBDDIV232.exe [?]
S2 AxInstSV3232;ActiveX Installer (AxInstSV) ;C:\ProgramData\msxml432.exe --> C:\ProgramData\msxml432.exe [?]
S2 BDESVC32;BitLocker Drive Encryption Service ;C:\ProgramData\d3dramp32.exe --> C:\ProgramData\d3dramp32.exe [?]
S2 BDESVC3232;BitLocker Drive Encryption Service ;C:\ProgramData\fdBth32.exe --> C:\ProgramData\fdBth32.exe [?]
S2 BDESVC323232;BitLocker Drive Encryption Service ;C:\ProgramData\cnvfat32.exe --> C:\ProgramData\cnvfat32.exe [?]
S2 BDESVC32323232;BitLocker Drive Encryption Service ;C:\ProgramData\RASMM32.exe --> C:\ProgramData\RASMM32.exe [?]
S2 BDESVC3232323232;BitLocker Drive Encryption Service ;C:\ProgramData\udhisapi32.exe --> C:\ProgramData\udhisapi32.exe [?]
S2 BFE32;Base Filtering Engine ;C:\ProgramData\imagesp132.exe --> C:\ProgramData\imagesp132.exe [?]
S2 BITS32;Background Intelligent Transfer Service ;C:\ProgramData\radardt32.exe --> C:\ProgramData\radardt32.exe [?]
S2 BITS3232;Background Intelligent Transfer Service ;C:\ProgramData\ActionCenter32.exe --> C:\ProgramData\ActionCenter32.exe [?]
S2 Bonjour Service323232;Bonjour Service ;C:\ProgramData\asferror32.exe --> C:\ProgramData\asferror32.exe [?]
S2 Bonjour Service32323232;Bonjour Service ;C:\ProgramData\srvcli32.exe --> C:\ProgramData\srvcli32.exe [?]
S2 Bonjour Service3232323232;Bonjour Service ;C:\ProgramData\adsldp32.exe --> C:\ProgramData\adsldp32.exe [?]
S2 Bonjour Service323232323232;Bonjour Service ;C:\ProgramData\cmlua32.exe --> C:\ProgramData\cmlua32.exe [?]
S2 Bonjour Service32323232323232;Bonjour Service ;C:\ProgramData\qdv32.exe --> C:\ProgramData\qdv32.exe [?]
S2 Bonjour Service3232323232323232;Bonjour Service ;C:\ProgramData\samlib32.exe --> C:\ProgramData\samlib32.exe [?]
S2 Bonjour Service323232323232323232;Bonjour Service ;C:\ProgramData\NlsData000032.exe --> C:\ProgramData\NlsData000032.exe [?]
S2 Browser32;Computer Browser ;C:\ProgramData\odtext3232.exe --> C:\ProgramData\odtext3232.exe [?]
S2 bthserv32;Bluetooth Support Service ;C:\ProgramData\wmpeffects32.exe --> C:\ProgramData\wmpeffects32.exe [?]
S2 bthserv323232;Bluetooth Support Service ;C:\ProgramData\tcpipcfg32.exe --> C:\ProgramData\tcpipcfg32.exe [?]
S2 bthserv32323232;Bluetooth Support Service ;C:\ProgramData\winrssrv32.exe --> C:\ProgramData\winrssrv32.exe [?]
S2 btwdins32;Bluetooth Service ;C:\ProgramData\RpcNs432.exe --> C:\ProgramData\RpcNs432.exe [?]
S2 btwdins323232;Bluetooth Service ;C:\ProgramData\mswstr1032.exe --> C:\ProgramData\mswstr1032.exe [?]
S2 btwdins32323232;Bluetooth Service ;C:\ProgramData\audiodev32.exe --> C:\ProgramData\audiodev32.exe [?]
S2 clr_optimization_v2.0.50727_323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;C:\ProgramData\wiadefui32.exe --> C:\ProgramData\wiadefui32.exe [?]
S2 clr_optimization_v2.0.50727_32323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;C:\ProgramData\ole232.exe --> C:\ProgramData\ole232.exe [?]
S2 clr_optimization_v2.0.50727_3232323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;C:\ProgramData\utildll32.exe --> C:\ProgramData\utildll32.exe [?]
S2 clr_optimization_v2.0.50727_323232323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;C:\ProgramData\iasads32.exe --> C:\ProgramData\iasads32.exe [?]
S2 clr_optimization_v2.0.50727_6432;Microsoft .NET Framework NGEN v2.0.50727_X64 ;C:\ProgramData\winnsi32.exe --> C:\ProgramData\winnsi32.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_3232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;C:\ProgramData\api-ms-win-core-heap-l1-1-032.exe --> C:\ProgramData\api-ms-win-core-heap-l1-1-032.exe [?]
S2 clr_optimization_v4.0.30319_3232323232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;C:\ProgramData\iernonce32.exe --> C:\ProgramData\iernonce32.exe [?]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 clr_optimization_v4.0.30319_643232;Microsoft .NET Framework NGEN v4.0.30319_X64 ;C:\ProgramData\cryptnet32.exe --> C:\ProgramData\cryptnet32.exe [?]
S2 clr_optimization_v4.0.30319_64323232;Microsoft .NET Framework NGEN v4.0.30319_X64 ;C:\ProgramData\napdsnap32.exe --> C:\ProgramData\napdsnap32.exe [?]
S2 COMSysApp32;COM+ System Application ;C:\ProgramData\KBDGAE32.exe --> C:\ProgramData\KBDGAE32.exe [?]
S2 COMSysApp323232;COM+ System Application ;C:\ProgramData\wmi32.exe --> C:\ProgramData\wmi32.exe [?]
S2 COMSysApp32323232;COM+ System Application ;C:\ProgramData\NlsLexicons001932.exe --> C:\ProgramData\NlsLexicons001932.exe [?]
S2 CryptSvc323232;Cryptographic Services ;C:\ProgramData\dinput832.exe --> C:\ProgramData\dinput832.exe [?]
S2 CryptSvc32323232;Cryptographic Services ;C:\ProgramData\dmime32.exe --> C:\ProgramData\dmime32.exe [?]
S2 CryptSvc3232323232;Cryptographic Services ;C:\ProgramData\mswdat1032.exe --> C:\ProgramData\mswdat1032.exe [?]
S2 defragsvc32;Disk Defragmenter ;C:\ProgramData\KBDINKAN32.exe --> C:\ProgramData\KBDINKAN32.exe [?]
S2 defragsvc323232;Disk Defragmenter ;C:\ProgramData\iologmsg32.exe --> C:\ProgramData\iologmsg32.exe [?]
S2 defragsvc32323232;Disk Defragmenter ;C:\ProgramData\dhcpsapi32.exe --> C:\ProgramData\dhcpsapi32.exe [?]
S2 defragsvc32323232323232;Disk Defragmenter ;C:\ProgramData\NlsLexicons000232.exe --> C:\ProgramData\NlsLexicons000232.exe [?]
S2 defragsvc3232323232323232;Disk Defragmenter ;C:\ProgramData\NlsData0c1a32.exe --> C:\ProgramData\NlsData0c1a32.exe [?]
S2 Dhcp32;DHCP Client ;C:\ProgramData\KBDMLT4832.exe --> C:\ProgramData\KBDMLT4832.exe [?]
S2 Dnscache32;DNS Client ;C:\ProgramData\mtxclu32.exe --> C:\ProgramData\mtxclu32.exe [?]
S2 DockLoginService32;Dock Login Service ;C:\ProgramData\spwinsat32.exe --> C:\ProgramData\spwinsat32.exe [?]
S2 DockLoginService3232;Dock Login Service ;C:\ProgramData\KBDRO32.exe --> C:\ProgramData\KBDRO32.exe [?]
S2 DockLoginService323232;Dock Login Service ;C:\ProgramData\xolehlp32.exe --> C:\ProgramData\xolehlp32.exe [?]
S2 DPS32;Diagnostic Policy Service ;C:\ProgramData\msiltcfg32.exe --> C:\ProgramData\msiltcfg32.exe [?]
S2 DPS323232;Diagnostic Policy Service ;C:\ProgramData\WinSATAPI32.exe --> C:\ProgramData\WinSATAPI32.exe [?]
S2 DPS32323232;Diagnostic Policy Service ;C:\ProgramData\cngaudit32.exe --> C:\ProgramData\cngaudit32.exe [?]
S2 DPS3232323232;Diagnostic Policy Service ;C:\ProgramData\mfc40u32.exe --> C:\ProgramData\mfc40u32.exe [?]
S2 DPS323232323232;Diagnostic Policy Service ;C:\ProgramData\msvcrt2032.exe --> C:\ProgramData\msvcrt2032.exe [?]
S2 EapHost32;Extensible Authentication Protocol ;C:\ProgramData\racpldlg32.exe --> C:\ProgramData\racpldlg32.exe [?]
S2 EapHost3232;Extensible Authentication Protocol ;C:\ProgramData\perfnet32.exe --> C:\ProgramData\perfnet32.exe [?]
S2 EapHost323232;Extensible Authentication Protocol ;C:\ProgramData\qcap32.exe --> C:\ProgramData\qcap32.exe [?]
S2 EapHost32323232;Extensible Authentication Protocol ;C:\ProgramData\t2embed32.exe --> C:\ProgramData\t2embed32.exe [?]
S2 EapHost3232323232;Extensible Authentication Protocol ;C:\ProgramData\bcryptprimitives32.exe --> C:\ProgramData\bcryptprimitives32.exe [?]
S2 EFS32;Encrypting File System (EFS) ;C:\ProgramData\msshooks32.exe --> C:\ProgramData\msshooks32.exe [?]
S2 EFS3232;Encrypting File System (EFS) ;C:\ProgramData\WinSyncProviders32.exe --> C:\ProgramData\WinSyncProviders32.exe [?]
S2 EFS323232;Encrypting File System (EFS) ;C:\ProgramData\hid32.exe --> C:\ProgramData\hid32.exe [?]
S2 ehRecvr3232;Windows Media Center Receiver Service ;C:\ProgramData\TapiSysprep32.exe --> C:\ProgramData\TapiSysprep32.exe [?]
S2 ehRecvr323232;Windows Media Center Receiver Service ;C:\ProgramData\api-ms-win-core-memory-l1-1-032.exe --> C:\ProgramData\api-ms-win-core-memory-l1-1-032.exe [?]
S2 ehRecvr32323232;Windows Media Center Receiver Service ;C:\ProgramData\msltus4032.exe --> C:\ProgramData\msltus4032.exe [?]
S2 ehRecvr3232323232;Windows Media Center Receiver Service ;C:\ProgramData\authz32.exe --> C:\ProgramData\authz32.exe [?]
S2 ehRecvr323232323232;Windows Media Center Receiver Service ;C:\ProgramData\msrle3232.exe --> C:\ProgramData\msrle3232.exe [?]
S2 ehSched323232;Windows Media Center Scheduler Service ;C:\ProgramData\wmiprop32.exe --> C:\ProgramData\wmiprop32.exe [?]
S2 ehSched3232323232;Windows Media Center Scheduler Service ;C:\ProgramData\xwizards32.exe --> C:\ProgramData\xwizards32.exe [?]
S2 ehSched323232323232;Windows Media Center Scheduler Service ;C:\ProgramData\iepeers32.exe --> C:\ProgramData\iepeers32.exe [?]
S2 eventlog32;Windows Event Log ;C:\ProgramData\NlsData081a32.exe --> C:\ProgramData\NlsData081a32.exe [?]
S2 eventlog3232;Windows Event Log ;C:\ProgramData\lz3232.exe --> C:\ProgramData\lz3232.exe [?]
S2 eventlog323232;Windows Event Log ;C:\ProgramData\PortableDeviceWiaCompat32.exe --> C:\ProgramData\PortableDeviceWiaCompat32.exe [?]
S2 eventlog32323232;Windows Event Log ;C:\ProgramData\hnetcfg32.exe --> C:\ProgramData\hnetcfg32.exe [?]
S2 eventlog3232323232;Windows Event Log ;C:\ProgramData\syncui32.exe --> C:\ProgramData\syncui32.exe [?]
S2 EventSystem32;COM+ Event System ;C:\ProgramData\xwtpw3232.exe --> C:\ProgramData\xwtpw3232.exe [?]
S2 EventSystem3232;COM+ Event System ;C:\ProgramData\msjint4032.exe --> C:\ProgramData\msjint4032.exe [?]
S2 EventSystem323232;COM+ Event System ;C:\ProgramData\shimgvw32.exe --> C:\ProgramData\shimgvw32.exe [?]
S2 Fax3232;Fax ;C:\ProgramData\sqlwid32.exe --> C:\ProgramData\sqlwid32.exe [?]
S2 fdPHost32;Function Discovery Provider Host ;C:\ProgramData\KBDRU32.exe --> C:\ProgramData\KBDRU32.exe [?]
S2 FDResPub32;Function Discovery Resource Publication ;C:\ProgramData\prnfldr32.exe --> C:\ProgramData\prnfldr32.exe [?]
S2 FDResPub3232;Function Discovery Resource Publication ;C:\ProgramData\shacct32.exe --> C:\ProgramData\shacct32.exe [?]
S2 FontCache3.0.0.032;Windows Presentation Foundation Font Cache 3.0.0.0 ;C:\ProgramData\slwga32.exe --> C:\ProgramData\slwga32.exe [?]
S2 FontCache32;Windows Font Cache Service ;C:\ProgramData\nlmgp32.exe --> C:\ProgramData\nlmgp32.exe [?]
S2 FontCache3232;Windows Font Cache Service ;C:\ProgramData\gcdef32.exe --> C:\ProgramData\gcdef32.exe [?]
S2 FontCache323232;Windows Font Cache Service ;C:\ProgramData\kbdnec9532.exe --> C:\ProgramData\kbdnec9532.exe [?]
S2 GameConsoleService32;GameConsoleService ;C:\ProgramData\kbdax232.exe --> C:\ProgramData\kbdax232.exe [?]
S2 GameConsoleService3232;GameConsoleService ;C:\ProgramData\ctl3d3232.exe --> C:\ProgramData\ctl3d3232.exe [?]
S2 GameConsoleService323232;GameConsoleService ;C:\ProgramData\txfw3232.exe --> C:\ProgramData\txfw3232.exe [?]
S2 GameConsoleService32323232;GameConsoleService ;C:\ProgramData\fontsub32.exe --> C:\ProgramData\fontsub32.exe [?]
S2 GoToAssist32;GoToAssist ;C:\ProgramData\NlsData004a32.exe --> C:\ProgramData\NlsData004a32.exe [?]
S2 GoToAssist3232;GoToAssist ;C:\ProgramData\NlsData003932.exe --> C:\ProgramData\NlsData003932.exe [?]
S2 GoToAssist323232;GoToAssist ;C:\ProgramData\mscpxl3232.exe --> C:\ProgramData\mscpxl3232.exe [?]
S2 GoToAssist32323232;GoToAssist ;C:\ProgramData\QUTIL32.exe --> C:\ProgramData\QUTIL32.exe [?]
S2 hidserv32;Human Interface Device Access ;C:\ProgramData\DDOIProxy32.exe --> C:\ProgramData\DDOIProxy32.exe [?]
S2 hidserv32323232;Human Interface Device Access ;C:\ProgramData\ntshrui32.exe --> C:\ProgramData\ntshrui32.exe [?]
S2 hkmsvc32;Health Key and Certificate Management ;C:\ProgramData\msdelta32.exe --> C:\ProgramData\msdelta32.exe [?]
S2 hkmsvc3232;Health Key and Certificate Management ;C:\ProgramData\msrepl4032.exe --> C:\ProgramData\msrepl4032.exe [?]
S2 hkmsvc323232;Health Key and Certificate Management ;C:\ProgramData\KBDIT14232.exe --> C:\ProgramData\KBDIT14232.exe [?]
S2 hkmsvc323232323232;Health Key and Certificate Management ;C:\ProgramData\KBDDA32.exe --> C:\ProgramData\KBDDA32.exe [?]
S2 hkmsvc32323232323232;Health Key and Certificate Management ;C:\ProgramData\MCEWMDRMNDBootstrap32.exe --> C:\ProgramData\MCEWMDRMNDBootstrap32.exe [?]
S2 hkmsvc3232323232323232;Health Key and Certificate Management ;C:\ProgramData\cmifw32.exe --> C:\ProgramData\cmifw32.exe [?]
S2 hkmsvc323232323232323232;Health Key and Certificate Management ;C:\ProgramData\XpsGdiConverter32.exe --> C:\ProgramData\XpsGdiConverter32.exe [?]
S2 HomeGroupListener32;HomeGroup Listener ;C:\ProgramData\scrrun32.exe --> C:\ProgramData\scrrun32.exe [?]
S2 HomeGroupListener3232;HomeGroup Listener ;C:\ProgramData\winrscmd32.exe --> C:\ProgramData\winrscmd32.exe [?]
S2 IAStorDataMgrSvc32;Intel® Rapid Storage Technology ;C:\ProgramData\evr32.exe --> C:\ProgramData\evr32.exe [?]
S2 IAStorDataMgrSvc32323232;Intel® Rapid Storage Technology ;C:\ProgramData\dmintf32.exe --> C:\ProgramData\dmintf32.exe [?]
S2 IAStorDataMgrSvc3232323232;Intel® Rapid Storage Technology ;C:\ProgramData\WMVSDECD32.exe --> C:\ProgramData\WMVSDECD32.exe [?]
S2 IAStorDataMgrSvc323232323232;Intel® Rapid Storage Technology ;C:\ProgramData\WindowsCodecs32.exe --> C:\ProgramData\WindowsCodecs32.exe [?]
S2 idsvc32;Windows CardSpace ;C:\ProgramData\msdtcuiu32.exe --> C:\ProgramData\msdtcuiu32.exe [?]
S2 idsvc3232;Windows CardSpace ;C:\ProgramData\acppage32.exe --> C:\ProgramData\acppage32.exe [?]
S2 idsvc323232;Windows CardSpace ;C:\ProgramData\jdns_sd32.exe --> C:\ProgramData\jdns_sd32.exe [?]
S2 IKEEXT32;IKE and AuthIP IPsec Keying Modules ;C:\ProgramData\d3d10_132.exe --> C:\ProgramData\d3d10_132.exe [?]
S2 IKEEXT3232;IKE and AuthIP IPsec Keying Modules ;C:\ProgramData\wups32.exe --> C:\ProgramData\wups32.exe [?]
S2 IPBusEnum32;PnP-X IP Bus Enumerator ;C:\ProgramData\msdtcVSp1res32.exe --> C:\ProgramData\msdtcVSp1res32.exe [?]
S2 IPBusEnum3232;PnP-X IP Bus Enumerator ;C:\ProgramData\mfreadwrite32.exe --> C:\ProgramData\mfreadwrite32.exe [?]
S2 IPBusEnum323232;PnP-X IP Bus Enumerator ;C:\ProgramData\WMSPDMOD32.exe --> C:\ProgramData\WMSPDMOD32.exe [?]
S2 IPBusEnum32323232;PnP-X IP Bus Enumerator ;C:\ProgramData\dmdskmgr32.exe --> C:\ProgramData\dmdskmgr32.exe [?]
S2 KeyIso3232;CNG Key Isolation ;C:\ProgramData\linkinfo32.exe --> C:\ProgramData\linkinfo32.exe [?]
S2 KeyIso323232;CNG Key Isolation ;C:\ProgramData\KBDUKX32.exe --> C:\ProgramData\KBDUKX32.exe [?]
S2 KtmRm32;KtmRm for Distributed Transaction Coordinator ;C:\ProgramData\NaturalLanguage632.exe --> C:\ProgramData\NaturalLanguage632.exe [?]
S2 LanmanServer32;Server ;C:\ProgramData\dciman3232.exe --> C:\ProgramData\dciman3232.exe [?]
S2 LanmanServer3232;Server ;C:\ProgramData\AUDIOKSE32.exe --> C:\ProgramData\AUDIOKSE32.exe [?]
S2 LanmanServer323232;Server ;C:\ProgramData\perfctrs32.exe --> C:\ProgramData\perfctrs32.exe [?]
S2 lltdsvc32;Link-Layer Topology Discovery Mapper ;C:\ProgramData\d3d8thk32.exe --> C:\ProgramData\d3d8thk32.exe [?]
S2 lltdsvc3232;Link-Layer Topology Discovery Mapper ;C:\ProgramData\l2gpstore32.exe --> C:\ProgramData\l2gpstore32.exe [?]
S2 lltdsvc323232;Link-Layer Topology Discovery Mapper ;C:\ProgramData\apphelp32.exe --> C:\ProgramData\apphelp32.exe [?]
S2 lltdsvc32323232;Link-Layer Topology Discovery Mapper ;C:\ProgramData\fundisc32.exe --> C:\ProgramData\fundisc32.exe [?]
S2 lltdsvc3232323232;Link-Layer Topology Discovery Mapper ;C:\ProgramData\NlsLexicons000132.exe --> C:\ProgramData\NlsLexicons000132.exe [?]
S2 lltdsvc323232323232;Link-Layer Topology Discovery Mapper ;C:\ProgramData\SSShim32.exe --> C:\ProgramData\SSShim32.exe [?]
S2 lmhosts32;TCP/IP NetBIOS Helper ;C:\ProgramData\mf321632.exe --> C:\ProgramData\mf321632.exe [?]
S2 lmhosts3232;TCP/IP NetBIOS Helper ;C:\ProgramData\comctl3232.exe --> C:\ProgramData\comctl3232.exe [?]
S2 LMS323232;Intel® Management and Security Application Local Management Service ;C:\ProgramData\rasser32.exe --> C:\ProgramData\rasser32.exe [?]
S2 LMS32323232;Intel® Management and Security Application Local Management Service ;C:\ProgramData\msscntrs32.exe --> C:\ProgramData\msscntrs32.exe [?]
S2 MBAMService32;MBAMService ;C:\ProgramData\KBDNO32.exe --> C:\ProgramData\KBDNO32.exe [?]
S2 MBAMService3232;MBAMService ;C:\ProgramData\netfxperf32.exe --> C:\ProgramData\netfxperf32.exe [?]
S2 MBAMService323232;MBAMService ;C:\ProgramData\efsutil32.exe --> C:\ProgramData\efsutil32.exe [?]
S2 McMPFSvc32;McAfee Personal Firewall Service ;C:\ProgramData\WinSCard32.exe --> C:\ProgramData\WinSCard32.exe [?]
S2 mcmscsvc323232;McAfee Services ;C:\ProgramData\SearchFolder32.exe --> C:\ProgramData\SearchFolder32.exe [?]
S2 McNaiAnn3232;McAfee VirusScan Announcer ;C:\ProgramData\basecsp32.exe --> C:\ProgramData\basecsp32.exe [?]
S2 McNaiAnn323232;McAfee VirusScan Announcer ;C:\ProgramData\srclient32.exe --> C:\ProgramData\srclient32.exe [?]
S2 McNaiAnn32323232;McAfee VirusScan Announcer ;C:\ProgramData\wlancfg32.exe --> C:\ProgramData\wlancfg32.exe [?]
S2 McNaiAnn3232323232;McAfee VirusScan Announcer ;C:\ProgramData\NlsData001332.exe --> C:\ProgramData\NlsData001332.exe [?]
S2 McNASvc32323232;McAfee Network Agent ;C:\ProgramData\iprtprio32.exe --> C:\ProgramData\iprtprio32.exe [?]
S2 McNASvc3232323232;McAfee Network Agent ;C:\ProgramData\offfilt32.exe --> C:\ProgramData\offfilt32.exe [?]
S2 McNASvc323232323232;McAfee Network Agent ;C:\ProgramData\dot3ui32.exe --> C:\ProgramData\dot3ui32.exe [?]
S2 McNASvc32323232323232;McAfee Network Agent ;C:\ProgramData\rasplap32.exe --> C:\ProgramData\rasplap32.exe [?]
S2 McNASvc3232323232323232;McAfee Network Agent ;C:\ProgramData\spp32.exe --> C:\ProgramData\spp32.exe [?]
S2 McNASvc323232323232323232;McAfee Network Agent ;C:\ProgramData\netbios32.exe --> C:\ProgramData\netbios32.exe [?]
S2 McODS32;McAfee Scanner ;C:\ProgramData\wow3232.exe --> C:\ProgramData\wow3232.exe [?]
S2 McODS3232;McAfee Scanner ;C:\ProgramData\NlsData001932.exe --> C:\ProgramData\NlsData001932.exe [?]
S2 McOobeSv32;McAfee OOBE Service ;C:\ProgramData\untfs32.exe --> C:\ProgramData\untfs32.exe [?]
S2 McOobeSv323232;McAfee OOBE Service ;C:\ProgramData\msxml332.exe --> C:\ProgramData\msxml332.exe [?]
S2 McOobeSv32323232;McAfee OOBE Service ;C:\ProgramData\dhcpcore632.exe --> C:\ProgramData\dhcpcore632.exe [?]
S2 McOobeSv323232323232;McAfee OOBE Service ;C:\ProgramData\ipsmsnap32.exe --> C:\ProgramData\ipsmsnap32.exe [?]
S2 McOobeSv32323232323232;McAfee OOBE Service ;C:\ProgramData\Syncreg32.exe --> C:\ProgramData\Syncreg32.exe [?]
S2 McOobeSv3232323232323232;McAfee OOBE Service ;C:\ProgramData\fltLib32.exe --> C:\ProgramData\fltLib32.exe [?]
S2 McOobeSv323232323232323232;McAfee OOBE Service ;C:\ProgramData\url32.exe --> C:\ProgramData\url32.exe [?]
S2 McProxy32;McAfee Proxy Service ;C:\ProgramData\KBDINGUJ32.exe --> C:\ProgramData\KBDINGUJ32.exe [?]
S2 McProxy3232;McAfee Proxy Service ;C:\ProgramData\mfds32.exe --> C:\ProgramData\mfds32.exe [?]
S2 McProxy323232;McAfee Proxy Service ;C:\ProgramData\sppwmi32.exe --> C:\ProgramData\sppwmi32.exe [?]
S2 Mcx2Svc32;Media Center Extender Service ;C:\ProgramData\netshell32.exe --> C:\ProgramData\netshell32.exe [?]
S2 Mcx2Svc3232;Media Center Extender Service ;C:\ProgramData\NlsData000d32.exe --> C:\ProgramData\NlsData000d32.exe [?]
S2 Mcx2Svc323232;Media Center Extender Service ;C:\ProgramData\dpnhupnp32.exe --> C:\ProgramData\dpnhupnp32.exe [?]
S2 Mcx2Svc32323232;Media Center Extender Service ;C:\ProgramData\mimefilt32.exe --> C:\ProgramData\mimefilt32.exe [?]
S2 mfefire32;McAfee Firewall Core Service ;C:\ProgramData\mscoree32.exe --> C:\ProgramData\mscoree32.exe [?]
S2 mfefire3232;McAfee Firewall Core Service ;C:\ProgramData\NlsData001832.exe --> C:\ProgramData\NlsData001832.exe [?]
S2 mfefire323232;McAfee Firewall Core Service ;C:\ProgramData\cmutil32.exe --> C:\ProgramData\cmutil32.exe [?]
S2 mfevtp3232;McAfee Validation Trust Protection Service ;C:\ProgramData\taskcomp32.exe --> C:\ProgramData\taskcomp32.exe [?]
S2 mfevtp323232;McAfee Validation Trust Protection Service ;C:\ProgramData\adsmsext32.exe --> C:\ProgramData\adsmsext32.exe [?]
S2 mfevtp32323232;McAfee Validation Trust Protection Service ;C:\ProgramData\dmusic32.exe --> C:\ProgramData\dmusic32.exe [?]
S2 mfevtp3232323232;McAfee Validation Trust Protection Service ;C:\ProgramData\d3dx9_3232.exe --> C:\ProgramData\d3dx9_3232.exe [?]
S2 mfevtp323232323232;McAfee Validation Trust Protection Service ;C:\ProgramData\riched3232.exe --> C:\ProgramData\riched3232.exe [?]
S2 Microsoft SharePoint Workspace Audit Service32;Microsoft SharePoint Workspace Audit Service ;C:\ProgramData\KBDARME32.exe --> C:\ProgramData\KBDARME32.exe [?]
S2 Microsoft SharePoint Workspace Audit Service3232;Microsoft SharePoint Workspace Audit Service ;C:\ProgramData\mssvp32.exe --> C:\ProgramData\mssvp32.exe [?]
S2 Microsoft SharePoint Workspace Audit Service323232;Microsoft SharePoint Workspace Audit Service ;C:\ProgramData\gptext32.exe --> C:\ProgramData\gptext32.exe [?]
S2 Microsoft SharePoint Workspace Audit Service32323232;Microsoft SharePoint Workspace Audit Service ;C:\ProgramData\shwebsvc32.exe --> C:\ProgramData\shwebsvc32.exe [?]
S2 MMCSS32;Multimedia Class Scheduler ;C:\ProgramData\chtbrkr32.exe --> C:\ProgramData\chtbrkr32.exe [?]
S2 MMCSS3232;Multimedia Class Scheduler ;C:\ProgramData\comcat32.exe --> C:\ProgramData\comcat32.exe [?]
S2 MMCSS323232;Multimedia Class Scheduler ;C:\ProgramData\pautoenr32.exe --> C:\ProgramData\pautoenr32.exe [?]
S2 MMCSS32323232;Multimedia Class Scheduler ;C:\ProgramData\vssapi32.exe --> C:\ProgramData\vssapi32.exe [?]
S2 MMCSS3232323232;Multimedia Class Scheduler ;C:\ProgramData\KBDSYR132.exe --> C:\ProgramData\KBDSYR132.exe [?]
S2 MpsSvc32;Windows Firewall ;C:\ProgramData\NlsLexicons000f32.exe --> C:\ProgramData\NlsLexicons000f32.exe [?]
S2 MpsSvc3232;Windows Firewall ;C:\ProgramData\mdminst32.exe --> C:\ProgramData\mdminst32.exe [?]
S2 MpsSvc323232;Windows Firewall ;C:\ProgramData\pots32.exe --> C:\ProgramData\pots32.exe [?]
S2 MSDTC32;Distributed Transaction Coordinator ;C:\ProgramData\MP43DECD32.exe --> C:\ProgramData\MP43DECD32.exe [?]
S2 MSDTC3232;Distributed Transaction Coordinator ;C:\ProgramData\msftedit32.exe --> C:\ProgramData\msftedit32.exe [?]
S2 MSiSCSI32;Microsoft iSCSI Initiator Service ;C:\ProgramData\rasman32.exe --> C:\ProgramData\rasman32.exe [?]
S2 MSiSCSI323232;Microsoft iSCSI Initiator Service ;C:\ProgramData\cca32.exe --> C:\ProgramData\cca32.exe [?]
S2 msiserver32;Windows Installer ;C:\ProgramData\ifsutil32.exe --> C:\ProgramData\ifsutil32.exe [?]
S2 msiserver3232;Windows Installer ;C:\ProgramData\NlsLexicons000732.exe --> C:\ProgramData\NlsLexicons000732.exe [?]
S2 msiserver323232;Windows Installer ;C:\ProgramData\cmicryptinstall32.exe --> C:\ProgramData\cmicryptinstall32.exe [?]
S2 msiserver32323232;Windows Installer ;C:\ProgramData\credssp32.exe --> C:\ProgramData\credssp32.exe [?]
S2 msiserver3232323232;Windows Installer ;C:\ProgramData\WiaExtensionHost6432.exe --> C:\ProgramData\WiaExtensionHost6432.exe [?]
S2 msiserver323232323232;Windows Installer ;C:\ProgramData\rasapi3232.exe --> C:\ProgramData\rasapi3232.exe [?]
S2 napagent3232;Network Access Protection Agent ;C:\ProgramData\msrdc32.exe --> C:\ProgramData\msrdc32.exe [?]
S2 Netlogon32;Netlogon ;C:\ProgramData\KBDFI32.exe --> C:\ProgramData\KBDFI32.exe [?]
S2 Netman3232;Network Connections ;C:\ProgramData\dmsynth32.exe --> C:\ProgramData\dmsynth32.exe [?]
S2 netprofm32;Network List Service ;C:\ProgramData\vds_ps32.exe --> C:\ProgramData\vds_ps32.exe [?]
S2 netprofm3232;Network List Service ;C:\ProgramData\spwizres32.exe --> C:\ProgramData\spwizres32.exe [?]
S2 netprofm323232;Network List Service ;C:\ProgramData\wmpsrcwp32.exe --> C:\ProgramData\wmpsrcwp32.exe [?]
S2 NetTcpPortSharing32;Net.Tcp Port Sharing Service ;C:\ProgramData\icardie32.exe --> C:\ProgramData\icardie32.exe [?]
S2 NetTcpPortSharing3232;Net.Tcp Port Sharing Service ;C:\ProgramData\osbaseln32.exe --> C:\ProgramData\osbaseln32.exe [?]
S2 NlaSvc32;Network Location Awareness ;C:\ProgramData\newdev32.exe --> C:\ProgramData\newdev32.exe [?]
S2 NlaSvc3232;Network Location Awareness ;C:\ProgramData\wshbth32.exe --> C:\ProgramData\wshbth32.exe [?]
S2 NlaSvc323232;Network Location Awareness ;C:\ProgramData\avifil3232.exe --> C:\ProgramData\avifil3232.exe [?]
S2 nsi3232;Network Store Interface Service ;C:\ProgramData\dnssd32.exe --> C:\ProgramData\dnssd32.exe [?]
S2 nsi323232;Network Store Interface Service ;C:\ProgramData\api-ms-win-security-lsalookup-l1-1-032.exe --> C:\ProgramData\api-ms-win-security-lsalookup-l1-1-032.exe [?]
S2 nsi32323232;Network Store Interface Service ;C:\ProgramData\PresentationHostProxy32.exe --> C:\ProgramData\PresentationHostProxy32.exe [?]
S2 osppsvc32;Office Software Protection Platform ;C:\ProgramData\keymgr32.exe --> C:\ProgramData\keymgr32.exe [?]
S2 osppsvc3232;Office Software Protection Platform ;C:\ProgramData\comuid32.exe --> C:\ProgramData\comuid32.exe [?]
S2 p2pimsvc32;Peer Networking Identity Manager ;C:\ProgramData\slc32.exe --> C:\ProgramData\slc32.exe [?]
S2 p2pimsvc3232;Peer Networking Identity Manager ;C:\ProgramData\ucmhc32.exe --> C:\ProgramData\ucmhc32.exe [?]
S2 p2psvc32;Peer Networking Grouping ;C:\ProgramData\mfcsubs32.exe --> C:\ProgramData\mfcsubs32.exe [?]
S2 p2psvc3232;Peer Networking Grouping ;C:\ProgramData\eventcls32.exe --> C:\ProgramData\eventcls32.exe [?]
S2 PcaSvc3232;Program Compatibility Assistant Service ;C:\ProgramData\NlsLexicons004532.exe --> C:\ProgramData\NlsLexicons004532.exe [?]
S2 PerfHost32;Performance Counter DLL Host ;C:\ProgramData\kerberos32.exe --> C:\ProgramData\kerberos32.exe [?]
S2 PerfHost3232;Performance Counter DLL Host ;C:\ProgramData\tapiperf32.exe --> C:\ProgramData\tapiperf32.exe [?]
S2 PerfHost323232;Performance Counter DLL Host ;C:\ProgramData\msidcrl3032.exe --> C:\ProgramData\msidcrl3032.exe [?]
S2 PerfHost32323232;Performance Counter DLL Host ;C:\ProgramData\devrtl32.exe --> C:\ProgramData\devrtl32.exe [?]
S2 Pharos Systems ComTaskMaster32;Pharos Systems ComTaskMaster ;C:\ProgramData\Query32.exe --> C:\ProgramData\Query32.exe [?]
S2 Pharos Systems ComTaskMaster3232;Pharos Systems ComTaskMaster ;C:\ProgramData\p2pcollab32.exe --> C:\ProgramData\p2pcollab32.exe [?]
S2 Pharos Systems ComTaskMaster323232;Pharos Systems ComTaskMaster ;C:\ProgramData\apircl32.exe --> C:\ProgramData\apircl32.exe [?]
S2 PlugPlay32;Plug and Play ;C:\ProgramData\whhelper32.exe --> C:\ProgramData\whhelper32.exe [?]
S2 PlugPlay3232;Plug and Play ;C:\ProgramData\comres32.exe --> C:\ProgramData\comres32.exe [?]
S2 PlugPlay323232;Plug and Play ;C:\ProgramData\tapiui32.exe --> C:\ProgramData\tapiui32.exe [?]
S2 PNRPAutoReg32;PNRP Machine Name Publication Service ;C:\ProgramData\XInput9_1_032.exe --> C:\ProgramData\XInput9_1_032.exe [?]
S2 PNRPAutoReg3232;PNRP Machine Name Publication Service ;C:\ProgramData\igdumd3232.exe --> C:\ProgramData\igdumd3232.exe [?]
S2 PNRPAutoReg3232323232;PNRP Machine Name Publication Service ;C:\ProgramData\qasf32.exe --> C:\ProgramData\qasf32.exe [?]
S2 PolicyAgent32;IPsec Policy Agent ;C:\ProgramData\dbgeng32.exe --> C:\ProgramData\dbgeng32.exe [?]
S2 PolicyAgent323232;IPsec Policy Agent ;C:\ProgramData\mf32.exe --> C:\ProgramData\mf32.exe [?]
S2 PolicyAgent32323232;IPsec Policy Agent ;C:\ProgramData\tquery32.exe --> C:\ProgramData\tquery32.exe [?]
S2 PolicyAgent3232323232;IPsec Policy Agent ;C:\ProgramData\NlsData002132.exe --> C:\ProgramData\NlsData002132.exe [?]
S2 PolicyAgent323232323232;IPsec Policy Agent ;C:\ProgramData\SyncInfrastructure32.exe --> C:\ProgramData\SyncInfrastructure32.exe [?]
S2 Power32;Power ;C:\ProgramData\vss_ps32.exe --> C:\ProgramData\vss_ps32.exe [?]
S2 Power3232;Power ;C:\ProgramData\ulib32.exe --> C:\ProgramData\ulib32.exe [?]
S2 Power323232;Power ;C:\ProgramData\netapi3232.exe --> C:\ProgramData\netapi3232.exe [?]
S2 Power32323232;Power ;C:\ProgramData\msports32.exe --> C:\ProgramData\msports32.exe [?]
S2 ProfSvc32;User Profile Service ;C:\ProgramData\api-ms-win-core-util-l1-1-032.exe --> C:\ProgramData\api-ms-win-core-util-l1-1-032.exe [?]
S2 ProfSvc32323232;User Profile Service ;C:\ProgramData\api-ms-win-core-profile-l1-1-032.exe --> C:\ProgramData\api-ms-win-core-profile-l1-1-032.exe [?]
S2 ProfSvc3232323232;User Profile Service ;C:\ProgramData\KBDIT32.exe --> C:\ProgramData\KBDIT32.exe [?]
S2 ProtectedStorage3232;Protected Storage ;C:\ProgramData\EhStorShell32.exe --> C:\ProgramData\EhStorShell32.exe [?]
S2 ProtectedStorage323232;Protected Storage ;C:\ProgramData\ntprint32.exe --> C:\ProgramData\ntprint32.exe [?]
S2 ProtectedStorage32323232;Protected Storage ;C:\ProgramData\WMVXENCD32.exe --> C:\ProgramData\WMVXENCD32.exe [?]
S2 QWAVE3232;Quality Windows Audio Video Experience ;C:\ProgramData\api-ms-win-core-processenvironment-l1-1-032.exe --> C:\ProgramData\api-ms-win-core-processenvironment-l1-1-032.exe [?]
S2 QWAVE323232;Quality Windows Audio Video Experience ;C:\ProgramData\ntlanman32.exe --> C:\ProgramData\ntlanman32.exe [?]
S2 QWAVE32323232;Quality Windows Audio Video Experience ;C:\ProgramData\rasgcw32.exe --> C:\ProgramData\rasgcw32.exe [?]
S2 QWAVE3232323232;Quality Windows Audio Video Experience ;C:\ProgramData\WebClnt32.exe --> C:\ProgramData\WebClnt32.exe [?]
S2 QWAVE323232323232;Quality Windows Audio Video Experience ;C:\ProgramData\wshelper32.exe --> C:\ProgramData\wshelper32.exe [?]
S2 RasAuto32;Remote Access Auto Connection Manager ;C:\ProgramData\mapistub32.exe --> C:\ProgramData\mapistub32.exe [?]
S2 RasAuto32323232;Remote Access Auto Connection Manager ;C:\ProgramData\api-ms-win-core-localization-l1-1-032.exe --> C:\ProgramData\api-ms-win-core-localization-l1-1-032.exe [?]
S2 RasMan32;Remote Access Connection Manager ;C:\ProgramData\kbdnec32.exe --> C:\ProgramData\kbdnec32.exe [?]
S2 RasMan3232;Remote Access Connection Manager ;C:\ProgramData\wzcdlg32.exe --> C:\ProgramData\wzcdlg32.exe [?]
S2 RemoteAccess32;Routing and Remote Access ;C:\ProgramData\SyncInfrastructureps32.exe --> C:\ProgramData\SyncInfrastructureps32.exe [?]
S2 RemoteAccess3232;Routing and Remote Access ;C:\ProgramData\netiohlp32.exe --> C:\ProgramData\netiohlp32.exe [?]
S2 RemoteRegistry3232;Remote Registry ;C:\ProgramData\msvcr100_clr040032.exe --> C:\ProgramData\msvcr100_clr040032.exe [?]
S2 RpcEptMapper32;RPC Endpoint Mapper ;C:\ProgramData\iassvcs32.exe --> C:\ProgramData\iassvcs32.exe [?]
S2 RpcEptMapper3232;RPC Endpoint Mapper ;C:\ProgramData\accessibilitycpl32.exe --> C:\ProgramData\accessibilitycpl32.exe [?]
S2 RpcEptMapper323232;RPC Endpoint Mapper ;C:\ProgramData\SynTPCOM32.exe --> C:\ProgramData\SynTPCOM32.exe [?]
S2 RpcLocator323232;Remote Procedure Call (RPC) Locator ;C:\ProgramData\SensApi32.exe --> C:\ProgramData\SensApi32.exe [?]
S2 RpcSs32;Remote Procedure Call (RPC) ;C:\ProgramData\WMADMOD32.exe --> C:\ProgramData\WMADMOD32.exe [?]
S2 RpcSs3232;Remote Procedure Call (RPC) ;C:\ProgramData\icm3232.exe --> C:\ProgramData\icm3232.exe [?]
S2 SamSs32;Security Accounts Manager ;C:\ProgramData\dxdiagn32.exe --> C:\ProgramData\dxdiagn32.exe [?]
S2 SamSs3232;Security Accounts Manager ;C:\ProgramData\igdumdx3232.exe --> C:\ProgramData\igdumdx3232.exe [?]
S2 SamSs323232;Security Accounts Manager ;C:\ProgramData\api-ms-win-core-file-l1-1-032.exe --> C:\ProgramData\api-ms-win-core-file-l1-1-032.exe [?]
S2 SCardSvr32;Smart Card ;C:\ProgramData\api-ms-win-core-synch-l1-1-032.exe --> C:\ProgramData\api-ms-win-core-synch-l1-1-032.exe [?]
S2 SCardSvr3232;Smart Card ;C:\ProgramData\msorcl3232.exe --> C:\ProgramData\msorcl3232.exe [?]
S2 Schedule32;Task Scheduler ;C:\ProgramData\iasdatastore32.exe --> C:\ProgramData\iasdatastore32.exe [?]
S2 Schedule3232;Task Scheduler ;C:\ProgramData\drt32.exe --> C:\ProgramData\drt32.exe [?]
S2 Schedule32323232;Task Scheduler ;C:\ProgramData\capisp32.exe --> C:\ProgramData\capisp32.exe [?]
S2 Schedule3232323232;Task Scheduler ;C:\ProgramData\ndfhcdiscovery32.exe --> C:\ProgramData\ndfhcdiscovery32.exe [?]
S2 SCPolicySvc32;Smart Card Removal Policy ;C:\ProgramData\MediaMetadataHandler32.exe --> C:\ProgramData\MediaMetadataHandler32.exe [?]
S2 SCPolicySvc3232;Smart Card Removal Policy ;C:\ProgramData\msvfw3232.exe --> C:\ProgramData\msvfw3232.exe [?]
S2 SDRSVC32;Windows Backup ;C:\ProgramData\hnetmon32.exe --> C:\ProgramData\hnetmon32.exe [?]
S2 SDRSVC32323232;Windows Backup ;C:\ProgramData\wpcsvc32.exe --> C:\ProgramData\wpcsvc32.exe [?]
S2 SDRSVC3232323232;Windows Backup ;C:\ProgramData\esentprf32.exe --> C:\ProgramData\esentprf32.exe [?]
S2 SDRSVC323232323232;Windows Backup ;C:\ProgramData\netcenter32.exe --> C:\ProgramData\netcenter32.exe [?]
S2 SDRSVC32323232323232;Windows Backup ;C:\ProgramData\PortableDeviceTypes32.exe --> C:\ProgramData\PortableDeviceTypes32.exe [?]
S2 SeaPort32;SeaPort ;C:\ProgramData\wscisvif32.exe --> C:\ProgramData\wscisvif32.exe [?]
S2 SeaPort3232;SeaPort ;C:\ProgramData\NlsLexicons001b32.exe --> C:\ProgramData\NlsLexicons001b32.exe [?]
S2 seclogon323232;Secondary Logon ;C:\ProgramData\tvratings32.exe --> C:\ProgramData\tvratings32.exe [?]
S2 seclogon32323232;Secondary Logon ;C:\ProgramData\comsvcs32.exe --> C:\ProgramData\comsvcs32.exe [?]
S2 SensrSvc3232;Adaptive Brightness ;C:\ProgramData\WlS0WndH32.exe --> C:\ProgramData\WlS0WndH32.exe [?]
S2 SessionEnv32;Remote Desktop Configuration ;C:\ProgramData\shellstyle32.exe --> C:\ProgramData\shellstyle32.exe [?]
S2 SessionEnv3232;Remote Desktop Configuration ;C:\ProgramData\wiascanprofiles32.exe --> C:\ProgramData\wiascanprofiles32.exe [?]
S2 SftService323232323232;SoftThinks Agent Service ;C:\ProgramData\nshwfp32.exe --> C:\ProgramData\nshwfp32.exe [?]
S2 SftService3232323232323232;SoftThinks Agent Service ;C:\ProgramData\signdrv32.exe --> C:\ProgramData\signdrv32.exe [?]
S2 SftService323232323232323232;SoftThinks Agent Service ;C:\ProgramData\dmocx32.exe --> C:\ProgramData\dmocx32.exe [?]
S2 SharedAccess3232;Internet Connection Sharing (ICS) ;C:\ProgramData\KBDMAC32.exe --> C:\ProgramData\KBDMAC32.exe [?]
S2 SharedAccess323232;Internet Connection Sharing (ICS) ;C:\ProgramData\ieakeng32.exe --> C:\ProgramData\ieakeng32.exe [?]
S2 SharedAccess32323232;Internet Connection Sharing (ICS) ;C:\ProgramData\winrsmgr32.exe --> C:\ProgramData\winrsmgr32.exe [?]
S2 ShellHWDetection32;Shell Hardware Detection ;C:\ProgramData\KBDBLR32.exe --> C:\ProgramData\KBDBLR32.exe [?]
S2 ShellHWDetection3232;Shell Hardware Detection ;C:\ProgramData\migisol32.exe --> C:\ProgramData\migisol32.exe [?]
S2 sppsvc3232;Software Protection ;C:\ProgramData\KBDTH032.exe --> C:\ProgramData\KBDTH032.exe [?]
S2 sppsvc323232;Software Protection ;C:\ProgramData\comsnap32.exe --> C:\ProgramData\comsnap32.exe [?]
S2 sppsvc32323232;Software Protection ;C:\ProgramData\netcfgx32.exe --> C:\ProgramData\netcfgx32.exe [?]
S2 sppsvc3232323232;Software Protection ;C:\ProgramData\ir50_3232.exe --> C:\ProgramData\ir50_3232.exe [?]
S2 sppuinotify32;SPP Notification Service ;C:\windows\system32\shunimpl32.exe --> C:\windows\system32\shunimpl32.exe [?]
S2 sppuinotify3232;SPP Notification Service ;C:\ProgramData\atmlib32.exe --> C:\ProgramData\atmlib32.exe [?]
S2 sprtsvc_DellSupportCenter32;SupportSoft Sprocket Service (DellSupportCenter) ;C:\ProgramData\api-ms-win-service-core-l1-1-032.exe --> C:\ProgramData\api-ms-win-service-core-l1-1-032.exe [?]
S2 SSDPSRV323232;SSDP Discovery ;C:\ProgramData\panmap32.exe --> C:\ProgramData\panmap32.exe [?]
S2 SSDPSRV32323232;SSDP Discovery ;C:\ProgramData\winmm32.exe --> C:\ProgramData\winmm32.exe [?]
S2 SstpSvc32323232;Secure Socket Tunneling Protocol Service ;C:\ProgramData\filemgmt32.exe --> C:\ProgramData\filemgmt32.exe [?]
S2 stisvc32;Windows Image Acquisition (WIA) ;C:\ProgramData\cliconfg32.exe --> C:\ProgramData\cliconfg32.exe [?]
S2 stisvc3232;Windows Image Acquisition (WIA) ;C:\ProgramData\mtxdm32.exe --> C:\ProgramData\mtxdm32.exe [?]
S2 swprv32;Microsoft Software Shadow Copy Provider ;C:\ProgramData\iprtrmgr32.exe --> C:\ProgramData\iprtrmgr32.exe [?]
S2 swprv3232;Microsoft Software Shadow Copy Provider ;C:\ProgramData\RpcDiag32.exe --> C:\ProgramData\RpcDiag32.exe [?]
S2 SysMain32;Superfetch ;C:\ProgramData\mfvdsp32.exe --> C:\ProgramData\mfvdsp32.exe [?]
S2 TabletInputService32;Tablet PC Input Service ;C:\ProgramData\ocsetapi32.exe --> C:\ProgramData\ocsetapi32.exe [?]
S2 TabletInputService3232;Tablet PC Input Service ;C:\ProgramData\winbrand32.exe --> C:\ProgramData\winbrand32.exe [?]
S2 TabletInputService323232;Tablet PC Input Service ;C:\ProgramData\ias32.exe --> C:\ProgramData\ias32.exe [?]
S2 TabletInputService32323232;Tablet PC Input Service ;C:\ProgramData\btpanui32.exe --> C:\ProgramData\btpanui32.exe [?]
S2 TapiSrv32;Telephony ;C:\ProgramData\iassdo32.exe --> C:\ProgramData\iassdo32.exe [?]
S2 TBS32;TPM Base Services ;C:\ProgramData\WWanAPI32.exe --> C:\ProgramData\WWanAPI32.exe [?]
S2 TBS3232;TPM Base Services ;C:\ProgramData\api-ms-win-core-fibers-l1-1-032.exe --> C:\ProgramData\api-ms-win-core-fibers-l1-1-032.exe [?]
S2 TBS323232;TPM Base Services ;C:\ProgramData\FXSRESM32.exe --> C:\ProgramData\FXSRESM32.exe [?]
S2 TBS32323232;TPM Base Services ;C:\ProgramData\amxread32.exe --> C:\ProgramData\amxread32.exe [?]
S2 TermService32;Remote Desktop Services ;C:\ProgramData\msrating32.exe --> C:\ProgramData\msrating32.exe [?]
S2 TermService3232;Remote Desktop Services ;C:\ProgramData\rpcnsh32.exe --> C:\ProgramData\rpcnsh32.exe [?]
S2 Themes32;Themes ;C:\ProgramData\WMVSENCD32.exe --> C:\ProgramData\WMVSENCD32.exe [?]
S2 TrkWks32;Distributed Link Tracking Client ;C:\ProgramData\atl32.exe --> C:\ProgramData\atl32.exe [?]
S2 TrustedInstaller32;Windows Modules Installer ;C:\ProgramData\wlanapi32.exe --> C:\ProgramData\wlanapi32.exe [?]
S2 TrustedInstaller3232;Windows Modules Installer ;C:\ProgramData\infocardapi32.exe --> C:\ProgramData\infocardapi32.exe [?]
S2 TrustedInstaller323232;Windows Modules Installer ;C:\ProgramData\cewmdm32.exe --> C:\ProgramData\cewmdm32.exe [?]
S2 TrustedInstaller32323232;Windows Modules Installer ;C:\ProgramData\dsuiext32.exe --> C:\ProgramData\dsuiext32.exe [?]
S2 TrustedInstaller3232323232;Windows Modules Installer ;C:\ProgramData\WPDSp32.exe --> C:\ProgramData\WPDSp32.exe [?]
S2 TrustedInstaller323232323232;Windows Modules Installer ;C:\ProgramData\KBDSW32.exe --> C:\ProgramData\KBDSW32.exe [?]
S2 UI0Detect32;Interactive Services Detection ;C:\ProgramData\NlsLexicons004632.exe --> C:\ProgramData\NlsLexicons004632.exe [?]
S2 UI0Detect323232;Interactive Services Detection ;C:\ProgramData\NlsData004b32.exe --> C:\ProgramData\NlsData004b32.exe [?]
S2 UI0Detect323232323232;Interactive Services Detection ;C:\ProgramData\tdh32.exe --> C:\ProgramData\tdh32.exe [?]
S2 UNS32;Intel® Management & Security Application User Notification Service ;C:\ProgramData\KBDSF32.exe --> C:\ProgramData\KBDSF32.exe [?]
S2 UNS3232;Intel® Management & Security Application User Notification Service ;C:\ProgramData\rpcrt432.exe --> C:\ProgramData\rpcrt432.exe [?]
S2 UNS323232;Intel® Management & Security Application User Notification Service ;C:\ProgramData\synceng32.exe --> C:\ProgramData\synceng32.exe [?]
S2 UNS32323232;Intel® Management & Security Application User Notification Service ;C:\ProgramData\mscandui32.exe --> C:\ProgramData\mscandui32.exe [?]
S2 upnphost32;UPnP Device Host ;C:\ProgramData\dmutil32.exe --> C:\ProgramData\dmutil32.exe [?]
S2 upnphost32323232;UPnP Device Host ;C:\ProgramData\KBDHEPT32.exe --> C:\ProgramData\KBDHEPT32.exe [?]
S2 upnphost323232323232;UPnP Device Host ;C:\ProgramData\DXPTaskRingtone32.exe --> C:\ProgramData\DXPTaskRingtone32.exe [?]
S2 upnphost32323232323232;UPnP Device Host ;C:\ProgramData\ole2disp32.exe --> C:\ProgramData\ole2disp32.exe [?]
S2 upnphost3232323232323232;UPnP Device Host ;C:\ProgramData\dmloader32.exe --> C:\ProgramData\dmloader32.exe [?]
S2 VaultSvc3232;Credential Manager ;C:\ProgramData\KBDINMAR32.exe --> C:\ProgramData\KBDINMAR32.exe [?]
S2 VaultSvc323232;Credential Manager ;C:\ProgramData\dmscript32.exe --> C:\ProgramData\dmscript32.exe [?]
S2 VaultSvc32323232;Credential Manager ;C:\ProgramData\autoplay32.exe --> C:\ProgramData\autoplay32.exe [?]
S2 vds32;Virtual Disk ;C:\ProgramData\bitsprx232.exe --> C:\ProgramData\bitsprx232.exe [?]
S2 vds3232;Virtual Disk ;C:\ProgramData\cryptbase32.exe --> C:\ProgramData\cryptbase32.exe [?]
S2 vds32323232;Virtual Disk ;C:\ProgramData\KBDLT232.exe --> C:\ProgramData\KBDLT232.exe [?]
S2 vds3232323232;Virtual Disk ;C:\ProgramData\verifier32.exe --> C:\ProgramData\verifier32.exe [?]
S2 VSS32;Volume Shadow Copy ;C:\ProgramData\bitsprx532.exe --> C:\ProgramData\bitsprx532.exe [?]
S2 VSS3232;Volume Shadow Copy ;C:\ProgramData\user3232.exe --> C:\ProgramData\user3232.exe [?]
S2 VSS323232;Volume Shadow Copy ;C:\ProgramData\nsi32.exe --> C:\ProgramData\nsi32.exe [?]
S2 VSS32323232;Volume Shadow Copy ;C:\ProgramData\KBDPO32.exe --> C:\ProgramData\KBDPO32.exe [?]
S2 VSS3232323232;Volume Shadow Copy ;C:\ProgramData\NlsLexicons001132.exe --> C:\ProgramData\NlsLexicons001132.exe [?]
S2 VSS32323232323232;Volume Shadow Copy ;C:\ProgramData\oleacc32.exe --> C:\ProgramData\oleacc32.exe [?]
S2 VSS3232323232323232;Volume Shadow Copy ;C:\ProgramData\BOOTVID32.exe --> C:\ProgramData\BOOTVID32.exe [?]
S2 VSS323232323232323232;Volume Shadow Copy ;C:\ProgramData\KBDMONMO32.exe --> C:\ProgramData\KBDMONMO32.exe [?]
S2 W32Time32;Windows Time ;C:\ProgramData\api-ms-win-service-winsvc-l1-1-032.exe --> C:\ProgramData\api-ms-win-service-winsvc-l1-1-032.exe [?]
S2 W32Time32323232;Windows Time ;C:\ProgramData\KBDINDEV32.exe --> C:\ProgramData\KBDINDEV32.exe [?]
S2 W32Time3232323232;Windows Time ;C:\ProgramData\KBDUS32.exe --> C:\ProgramData\KBDUS32.exe [?]
S2 WatAdminSvc32;Windows Activation Technologies Service ;C:\ProgramData\kbdnecnt32.exe --> C:\ProgramData\kbdnecnt32.exe [?]
S2 WatAdminSvc3232;Windows Activation Technologies Service ;C:\ProgramData\blackbox32.exe --> C:\ProgramData\blackbox32.exe [?]
S2 WatAdminSvc323232;Windows Activation Technologies Service ;C:\ProgramData\perfproc32.exe --> C:\ProgramData\perfproc32.exe [?]
S2 wbengine32;Block Level Backup Engine Service ;C:\ProgramData\cdosys32.exe --> C:\ProgramData\cdosys32.exe [?]
S2 wbengine3232;Block Level Backup Engine Service ;C:\ProgramData\iashlpr32.exe --> C:\ProgramData\iashlpr32.exe [?]
S2 wbengine32323232;Block Level Backup Engine Service ;C:\ProgramData\perfts32.exe --> C:\ProgramData\perfts32.exe [?]
S2 wbengine3232323232;Block Level Backup Engine Service ;C:\ProgramData\odbcji3232.exe --> C:\ProgramData\odbcji3232.exe [?]
S2 WbioSrvc3232;Windows Biometric Service ;C:\ProgramData\taskschd32.exe --> C:\ProgramData\taskschd32.exe [?]
S2 WbioSrvc323232;Windows Biometric Service ;C:\ProgramData\KBDKYR32.exe --> C:\ProgramData\KBDKYR32.exe [?]
S2 WbioSrvc32323232;Windows Biometric Service ;C:\ProgramData\aaclient32.exe --> C:\ProgramData\aaclient32.exe [?]
S2 WbioSrvc323232323232;Windows Biometric Service ;C:\ProgramData\scksp32.exe --> C:\ProgramData\scksp32.exe [?]
S2 WbioSrvc32323232323232;Windows Biometric Service ;C:\ProgramData\admparse32.exe --> C:\ProgramData\admparse32.exe [?]
S2 WbioSrvc3232323232323232;Windows Biometric Service ;C:\ProgramData\devenum32.exe --> C:\ProgramData\devenum32.exe [?]
S2 wcncsvc32;Windows Connect Now - Config Registrar ;C:\ProgramData\icmp32.exe --> C:\ProgramData\icmp32.exe [?]
S2 wcncsvc3232;Windows Connect Now - Config Registrar ;C:\ProgramData\MSMPEG2ENC32.exe --> C:\ProgramData\MSMPEG2ENC32.exe [?]
S2 wcncsvc323232;Windows Connect Now - Config Registrar ;C:\ProgramData\WMVDECOD32.exe --> C:\ProgramData\WMVDECOD32.exe [?]
S2 WcsPlugInService32323232;Windows Color System ;C:\ProgramData\eapphost32.exe --> C:\ProgramData\eapphost32.exe [?]
S2 WcsPlugInService3232323232;Windows Color System ;C:\ProgramData\dpnet32.exe --> C:\ProgramData\dpnet32.exe [?]
S2 WcsPlugInService323232323232;Windows Color System ;C:\ProgramData\normaliz32.exe --> C:\ProgramData\normaliz32.exe [?]
S2 WcsPlugInService32323232323232;Windows Color System ;C:\ProgramData\msvcp6032.exe --> C:\ProgramData\msvcp6032.exe [?]
S2 WdiServiceHost3232;Diagnostic Service Host ;C:\ProgramData\colorui32.exe --> C:\ProgramData\colorui32.exe [?]
S2 WdiSystemHost32;Diagnostic System Host ;C:\ProgramData\winrnr32.exe --> C:\ProgramData\winrnr32.exe [?]
S2 WdiSystemHost3232;Diagnostic System Host ;C:\ProgramData\UIAutomationCore32.exe --> C:\ProgramData\UIAutomationCore32.exe [?]
S2 WdiSystemHost323232;Diagnostic System Host ;C:\ProgramData\KBDCZ32.exe --> C:\ProgramData\KBDCZ32.exe [?]
S2 WdiSystemHost32323232;Diagnostic System Host ;C:\ProgramData\resutils32.exe --> C:\ProgramData\resutils32.exe [?]
S2 WdiSystemHost3232323232;Diagnostic System Host ;C:\ProgramData\comrepl32.exe --> C:\ProgramData\comrepl32.exe [?]
S2 WdiSystemHost323232323232;Diagnostic System Host ;C:\ProgramData\wuapi32.exe --> C:\ProgramData\wuapi32.exe [?]
S2 WdiSystemHost32323232323232;Diagnostic System Host ;C:\ProgramData\gameux32.exe --> C:\ProgramData\gameux32.exe [?]
S2 WdiSystemHost3232323232323232;Diagnostic System Host ;C:\ProgramData\NlsModels001132.exe --> C:\ProgramData\NlsModels001132.exe [?]
S2 WebClient3232;WebClient ;C:\ProgramData\C_IS202232.exe --> C:\ProgramData\C_IS202232.exe [?]
S2 WebClient323232;WebClient ;C:\ProgramData\NlsLexicons000932.exe --> C:\ProgramData\NlsLexicons000932.exe [?]
S2 Wecsvc32;Windows Event Collector ;C:\ProgramData\KBDTH132.exe --> C:\ProgramData\KBDTH132.exe [?]
S2 Wecsvc3232;Windows Event Collector ;C:\ProgramData\rasdiag32.exe --> C:\ProgramData\rasdiag32.exe [?]
S2 Wecsvc323232;Windows Event Collector ;C:\ProgramData\icardres32.exe --> C:\ProgramData\icardres32.exe [?]
S2 wercplsupport32;Problem Reports and Solutions Control Panel Support ;C:\ProgramData\igfxexps3232.exe --> C:\ProgramData\igfxexps3232.exe [?]
S2 wercplsupport3232;Problem Reports and Solutions Control Panel Support ;C:\ProgramData\apss32.exe --> C:\ProgramData\apss32.exe [?]
S2 wercplsupport323232;Problem Reports and Solutions Control Panel Support ;C:\ProgramData\atmfd32.exe --> C:\ProgramData\atmfd32.exe [?]
S2 wercplsupport32323232;Problem Reports and Solutions Control Panel Support ;C:\ProgramData\NlsLexicons003e32.exe --> C:\ProgramData\NlsLexicons003e32.exe [?]
S2 WerSvc32;Windows Error Reporting Service ;C:\ProgramData\pku2u32.exe --> C:\ProgramData\pku2u32.exe [?]
S2 WerSvc3232;Windows Error Reporting Service ;C:\ProgramData\odfox3232.exe --> C:\ProgramData\odfox3232.exe [?]
S2 WerSvc32323232;Windows Error Reporting Service ;C:\ProgramData\FirewallControlPanel32.exe --> C:\ProgramData\FirewallControlPanel32.exe [?]
S2 WerSvc3232323232;Windows Error Reporting Service ;C:\ProgramData\wmpcm32.exe --> C:\ProgramData\wmpcm32.exe [?]
S2 WinHttpAutoProxySvc32;WinHTTP Web Proxy Auto-Discovery Service ;C:\ProgramData\DxpTaskSync32.exe --> C:\ProgramData\DxpTaskSync32.exe [?]
S2 WinHttpAutoProxySvc3232;WinHTTP Web Proxy Auto-Discovery Service ;C:\ProgramData\mssitlb32.exe --> C:\ProgramData\mssitlb32.exe [?]
S2 Winmgmt32;Windows Management Instrumentation ;C:\ProgramData\iscsidsc32.exe --> C:\ProgramData\iscsidsc32.exe [?]
S2 Winmgmt3232;Windows Management Instrumentation ;C:\ProgramData\vdmdbg32.exe --> C:\ProgramData\vdmdbg32.exe [?]
S2 Winmgmt323232;Windows Management Instrumentation ;C:\ProgramData\adtschema32.exe --> C:\ProgramData\adtschema32.exe [?]
S2 WinRM32;Windows Remote Management (WS-Management) ;C:\ProgramData\dpnaddr32.exe --> C:\ProgramData\dpnaddr32.exe [?]
S2 WinRM3232;Windows Remote Management (WS-Management) ;C:\ProgramData\api-ms-win-core-misc-l1-1-032.exe --> C:\ProgramData\api-ms-win-core-misc-l1-1-032.exe [?]
S2 WinRM323232;Windows Remote Management (WS-Management) ;C:\ProgramData\mfplat32.exe --> C:\ProgramData\mfplat32.exe [?]
S2 Wlansvc3232;WLAN AutoConfig ;C:\ProgramData\tapisrv32.exe --> C:\ProgramData\tapisrv32.exe [?]
S2 Wlansvc323232;WLAN AutoConfig ;C:\ProgramData\mssign3232.exe --> C:\ProgramData\mssign3232.exe [?]
S2 wltrysvc32;DW WLAN Tray Service ;C:\ProgramData\rasmontr32.exe --> C:\ProgramData\rasmontr32.exe [?]
S2 wltrysvc3232;DW WLAN Tray Service ;C:\ProgramData\dmcompos32.exe --> C:\ProgramData\dmcompos32.exe [?]
S2 WMPNetworkSvc32;Windows Media Player Network Sharing Service ;C:\ProgramData\api-ms-win-security-base-l1-1-032.exe --> C:\ProgramData\api-ms-win-security-base-l1-1-032.exe [?]
S2 WMPNetworkSvc3232;Windows Media Player Network Sharing Service ;C:\ProgramData\api-ms-win-core-io-l1-1-032.exe --> C:\ProgramData\api-ms-win-core-io-l1-1-032.exe [?]
S2 WMPNetworkSvc323232;Windows Media Player Network Sharing Service ;C:\ProgramData\spwizeng32.exe --> C:\ProgramData\spwizeng32.exe [?]
S2 WPCSvc323232;Parental Controls ;C:\ProgramData\NlsData001a32.exe --> C:\ProgramData\NlsData001a32.exe [?]
S2 WPCSvc32323232;Parental Controls ;C:\ProgramData\NlsData081632.exe --> C:\ProgramData\NlsData081632.exe [?]
S2 WPDBusEnum32;Portable Device Enumerator Service ;C:\ProgramData\KBDBE32.exe --> C:\ProgramData\KBDBE32.exe [?]
S2 WPDBusEnum3232;Portable Device Enumerator Service ;C:\ProgramData\negoexts32.exe --> C:\ProgramData\negoexts32.exe [?]
S2 WPDBusEnum323232;Portable Device Enumerator Service ;C:\ProgramData\FXSCOM32.exe --> C:\ProgramData\FXSCOM32.exe [?]
S2 WPDBusEnum32323232;Portable Device Enumerator Service ;C:\ProgramData\luainstall32.exe --> C:\ProgramData\luainstall32.exe [?]
S2 wuauserv3232;Windows Update ;C:\ProgramData\clfsw3232.exe --> C:\ProgramData\clfsw3232.exe [?]
S2 wuauserv323232;Windows Update ;C:\ProgramData\wsock3232.exe --> C:\ProgramData\wsock3232.exe [?]
S2 wuauserv32323232;Windows Update ;C:\ProgramData\EAPQEC32.exe --> C:\ProgramData\EAPQEC32.exe [?]
S2 wudfsvc32;Windows Driver Foundation - User-mode Driver Framework ;C:\ProgramData\provthrd32.exe --> C:\ProgramData\provthrd32.exe [?]
S2 wudfsvc3232;Windows Driver Foundation - User-mode Driver Framework ;C:\ProgramData\KBDHU132.exe --> C:\ProgramData\KBDHU132.exe [?]
S2 wudfsvc323232;Windows Driver Foundation - User-mode Driver Framework ;C:\ProgramData\NlsData001b32.exe --> C:\ProgramData\NlsData001b32.exe [?]
S2 wudfsvc32323232;Windows Driver Foundation - User-mode Driver Framework ;C:\ProgramData\usbui32.exe --> C:\ProgramData\usbui32.exe [?]
S2 WwanSvc32;WWAN AutoConfig ;C:\ProgramData\console32.exe --> C:\ProgramData\console32.exe [?]
S2 WwanSvc323232;WWAN AutoConfig ;C:\ProgramData\pla32.exe --> C:\ProgramData\pla32.exe [?]
S3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2010-8-27 250040]
S3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2010-8-27 348344]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys --> C:\windows\system32\DRIVERS\yk62x64.sys [?]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2010-7-31 355440]
.
=============== Created Last 30 ================
.
2011-08-26 13:35:53 25160 ----a-w- C:\windows\System32\drivers\hitmanpro35.sys
2011-08-26 13:35:52 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2011-08-26 13:34:40 -------- d-----w- C:\ProgramData\Hitman Pro
2011-08-26 03:28:52 -------- d-----w- C:\Users\Kevin\AppData\Roaming\SUPERAntiSpyware.com
2011-08-26 03:28:34 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-08-26 03:28:34 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-08-26 01:56:40 39192 ----a-w- C:\windows\System32\Partizan.exe
2011-08-26 01:55:00 2 --shatr- C:\windows\winstart.bat
2011-08-26 01:54:35 -------- d-----w- C:\Program Files (x86)\UnHackMe
2011-08-24 12:53:45 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2011-08-24 12:53:45 2048 ----a-w- C:\windows\System32\tzres.dll
2011-08-20 19:07:58 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-11 00:51:37 338432 ----a-w- C:\windows\System32\conhost.exe
2011-08-11 00:51:37 214528 ----a-w- C:\windows\System32\winsrv.dll
2011-08-11 00:51:36 422400 ----a-w- C:\windows\System32\KernelBase.dll
2011-08-11 00:51:36 243200 ----a-w- C:\windows\System32\wow64.dll
2011-08-11 00:51:33 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2011-08-03 21:16:53 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Mp3tag
2011-08-03 21:16:16 -------- d-----w- C:\Program Files (x86)\Mp3tag
.
==================== Find3M ====================
.
2011-07-22 05:35:08 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-07-22 04:56:17 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-07-16 05:26:54 362496 ----a-w- C:\windows\System32\wow64win.dll
2011-07-16 05:26:53 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2011-07-16 05:24:09 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2011-07-16 04:36:09 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:32:14 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2011-07-16 04:30:29 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2011-07-16 04:30:27 272384 ----a-w- C:\windows\SysWow64\KernelBase.dll
2011-07-16 02:26:12 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2011-07-16 02:26:11 2048 ----a-w- C:\windows\SysWow64\user.exe
2011-07-16 02:21:47 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:44:55 287744 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
2011-07-06 23:52:42 41272 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 25912 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-06-23 05:29:39 5507968 ----a-w- C:\windows\System32\ntoskrnl.exe
2011-06-23 04:38:05 3957120 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:38:04 3902336 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2011-06-21 06:27:14 1896832 ----a-w- C:\windows\System32\drivers\tcpip.sys
2011-06-21 06:20:48 1197056 ----a-w- C:\windows\System32\wininet.dll
2011-06-21 06:20:06 57856 ----a-w- C:\windows\System32\licmgr10.dll
2011-06-21 05:36:36 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2011-06-21 05:35:05 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
2011-06-21 05:05:13 482816 ----a-w- C:\windows\System32\html.iec
2011-06-21 04:26:02 386048 ----a-w- C:\windows\SysWow64\html.iec
2011-06-15 09:58:31 212992 ----a-w- C:\windows\System32\odbctrac.dll
2011-06-15 09:58:31 163840 ----a-w- C:\windows\System32\odbccp32.dll
2011-06-15 09:58:31 106496 ----a-w- C:\windows\System32\odbccu32.dll
2011-06-15 09:58:31 106496 ----a-w- C:\windows\System32\odbccr32.dll
2011-06-15 09:04:46 86016 ----a-w- C:\windows\SysWow64\odbccu32.dll
2011-06-15 09:04:46 81920 ----a-w- C:\windows\SysWow64\odbccr32.dll
2011-06-15 09:04:46 319488 ----a-w- C:\windows\SysWow64\odbcjt32.dll
2011-06-15 09:04:46 163840 ----a-w- C:\windows\SysWow64\odbctrac.dll
2011-06-15 09:04:46 122880 ----a-w- C:\windows\SysWow64\odbccp32.dll
2011-06-11 02:56:44 3134464 ----a-w- C:\windows\System32\win32k.sys
.
============= FINISH: 10:15:14.41 ===============

#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:35 AM

Posted 31 August 2011 - 10:31 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed. This will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:

  • Logs from DDS
  • Let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University

#3 kvnb

kvnb
  • Topic Starter

  • Members
  • 11 posts
  • Local time:07:35 AM

Posted 02 September 2011 - 12:45 PM

Thank you so much!! I'm sorry I haven't gotten back to you sooner--I live in a dorm and my internet access has been spotty lately.

Here's the first log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22
Run by Kevin at 13:35:27 on 2011-09-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.1116 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.nytimes.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110514234213.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
uRun: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Kevin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 129.49.7.170
TCP: Interfaces\{30583A1B-844B-4A5A-B180-340E8008E736} : DhcpNameServer = 129.49.7.170
TCP: Interfaces\{30583A1B-844B-4A5A-B180-340E8008E736}\0516E64625E45647 : DhcpNameServer = 10.100.100.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{30583A1B-844B-4A5A-B180-340E8008E736}\2423E41573 : DhcpNameServer = 192.168.1.1 68.237.161.12
TCP: Interfaces\{30583A1B-844B-4A5A-B180-340E8008E736}\64C6576666973516E6377596275637 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{30583A1B-844B-4A5A-B180-340E8008E736}\75F6C6669656E45647D2745647D234F6E6E65636475646 : DhcpNameServer = 172.20.48.1
TCP: Interfaces\{30583A1B-844B-4A5A-B180-340E8008E736}\75F6C6669656E45647D27457563747 : DhcpNameServer = 172.20.24.1
TCP: Interfaces\{30583A1B-844B-4A5A-B180-340E8008E736}\A457374796E6 : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110514234213.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun-x64: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\cfjbqc99.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Kevin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: XUL Cache: {e949881f-2ebb-465c-a939-a9458ad75c13} - %profile%\extensions\{e949881f-2ebb-465c-a939-a9458ad75c13}
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\system32\drivers\mfehidk.sys --> C:\windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\system32\drivers\mfewfpk.sys --> C:\windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswSP;avast! Self Protection;C:\windows\system32\drivers\aswSP.sys --> C:\windows\system32\drivers\aswSP.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\system32\DRIVERS\mfenlfk.sys --> C:\windows\system32\DRIVERS\mfenlfk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R2 aswFsBlk;aswFsBlk;C:\windows\system32\DRIVERS\aswFsBlk.sys --> C:\windows\system32\DRIVERS\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;C:\windows\system32\DRIVERS\aswMonFlt.sys --> C:\windows\system32\DRIVERS\aswMonFlt.sys [?]
R3 BcmVWL;Broadcom Virtual Wireless;C:\windows\system32\DRIVERS\bcmvwl64.sys --> C:\windows\system32\DRIVERS\bcmvwl64.sys [?]
R3 btusbflt;Bluetooth USB Filter;C:\windows\system32\drivers\btusbflt.sys --> C:\windows\system32\drivers\btusbflt.sys [?]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys --> C:\windows\system32\DRIVERS\btwl2cap.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\windows\system32\drivers\cfwids.sys --> C:\windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys --> C:\windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\windows\system32\drivers\mbam.sys --> C:\windows\system32\drivers\mbam.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\system32\drivers\mfeavfk.sys --> C:\windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\system32\drivers\mfefirek.sys --> C:\windows\system32\drivers\mfefirek.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\system32\drivers\mferkdet.sys --> C:\windows\system32\drivers\mferkdet.sys [?]
.
=============== Created Last 30 ================
.
2011-08-30 04:25:22 -------- d-----w- C:\Program Files\Symantec
2011-08-30 04:21:37 -------- d-----w- C:\Users\Kevin\AppData\Local\Symantec
2011-08-30 04:16:02 503808 ----a-w- C:\windows\SysWow64\MSVCP71.DLL
2011-08-30 04:16:02 348160 ----a-w- C:\windows\SysWow64\MSVCR71.DLL
2011-08-30 04:16:02 1060864 ----a-w- C:\windows\SysWow64\MFC71.DLL
2011-08-30 04:15:32 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2011-08-30 04:15:31 -------- d-----w- C:\ProgramData\Symantec
2011-08-30 04:15:31 -------- d-----w- C:\Program Files (x86)\Symantec
2011-08-30 04:15:31 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-08-30 04:06:03 -------- d-----w- C:\windows\System32\SPReview
2011-08-30 04:04:24 -------- d-----w- C:\windows\System32\EventProviders
2011-08-26 13:35:53 25160 ----a-w- C:\windows\System32\drivers\hitmanpro35.sys
2011-08-26 13:35:52 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2011-08-26 13:34:40 -------- d-----w- C:\ProgramData\Hitman Pro
2011-08-26 03:28:52 -------- d-----w- C:\Users\Kevin\AppData\Roaming\SUPERAntiSpyware.com
2011-08-26 03:28:34 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-08-26 03:28:34 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-08-26 01:56:40 39192 ----a-w- C:\windows\System32\Partizan.exe
2011-08-26 01:55:00 2 --shatr- C:\windows\winstart.bat
2011-08-26 01:54:35 -------- d-----w- C:\Program Files (x86)\UnHackMe
2011-08-24 12:53:45 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2011-08-24 12:53:45 2048 ----a-w- C:\windows\System32\tzres.dll
2011-08-20 19:07:58 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-11 00:51:37 338432 ----a-w- C:\windows\System32\conhost.exe
2011-08-11 00:51:37 214528 ----a-w- C:\windows\System32\winsrv.dll
2011-08-11 00:51:36 421888 ----a-w- C:\windows\System32\KernelBase.dll
2011-08-11 00:51:36 243200 ----a-w- C:\windows\System32\wow64.dll
2011-08-11 00:51:33 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2011-08-03 21:16:53 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Mp3tag
2011-08-03 21:16:16 -------- d-----w- C:\Program Files (x86)\Mp3tag
.
==================== Find3M ====================
.
2011-08-30 04:19:22 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
2011-08-30 04:19:21 175616 ----a-w- C:\windows\System32\msclmd.dll
2011-07-22 05:22:26 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2011-07-22 04:54:18 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-07-16 05:41:50 362496 ----a-w- C:\windows\System32\wow64win.dll
2011-07-16 05:41:49 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2011-07-16 04:29:19 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2011-07-16 04:24:23 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:46:28 288768 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
2011-07-06 23:52:42 41272 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 25912 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-06-23 05:43:12 5561216 ----a-w- C:\windows\System32\ntoskrnl.exe
2011-06-23 04:33:57 3967872 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:33:57 3912576 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2011-06-21 06:34:00 1923968 ----a-w- C:\windows\System32\drivers\tcpip.sys
2011-06-21 06:20:53 1188864 ----a-w- C:\windows\System32\wininet.dll
2011-06-21 05:28:33 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2011-06-15 10:02:23 212992 ----a-w- C:\windows\System32\odbctrac.dll
2011-06-15 10:02:23 163840 ----a-w- C:\windows\System32\odbccp32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\windows\System32\odbccu32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\windows\System32\odbccr32.dll
2011-06-15 08:55:19 86016 ----a-w- C:\windows\SysWow64\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- C:\windows\SysWow64\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- C:\windows\SysWow64\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- C:\windows\SysWow64\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- C:\windows\SysWow64\odbccp32.dll
2011-06-11 03:07:25 3137536 ----a-w- C:\windows\System32\win32k.sys
.
============= FINISH: 13:37:46.70 ===============



Here's the Attach log:

.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/16/2010 12:17:10 AM
System Uptime: 9/2/2011 6:49:14 AM (7 hours ago)
.
Motherboard: Dell Inc. | | 0WXY9J
Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz | CPU 1 | 927/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 233.464 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Microsoft Teredo Tunneling Adapter
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP109: 8/30/2011 12:05:55 AM - Windows 7 Service Pack 1
RP110: 8/31/2011 8:59:34 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
Advanced Audio FX Engine
AIM 7
Amazon MP3 Downloader 1.0.12
Apple Application Support
Apple Software Update
avast! Antivirus
Banctec Service Agreement
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Complete Care Consumer Service Agreement
Cozi
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Getting Started Guide
Dell Support Center (Support Software)
Dell Webcam Central
Download Updater (AOL LLC)
GoToAssist 8.0.0.514
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 22
Junk Mail filter update
Live! Cam Avatar Creator
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes' Anti-Malware version 1.51.1.1800
McAfee Security Center
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.6.21)
Mp3tag v2.49
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MuseScore 0.9.6.3 MuseScore score typesetter
Pharos
QuickTime
Real Lives 2004
Real Lives 2010
Revealing Archaeology
Roxio Burn
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Skype Toolbars
Skype™ 5.3
Unity Web Player
WildTangent Games
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
9/2/2011 1:00:41 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
9/1/2011 3:19:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the avast! Antivirus service to connect.
9/1/2011 3:19:35 PM, Error: Service Control Manager [7000] - The avast! Antivirus service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/30/2011 12:31:30 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The process cannot access the file because it is being used by another process.
8/30/2011 12:30:11 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: The process cannot access the file because it is being used by another process.
8/30/2011 12:30:11 AM, Error: Microsoft-Windows-WMPNSS-Service [14324] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(WindowsMediaPlayer) encountered error '0x80070020'. If possible, reinstall Windows Media Player.
8/30/2011 12:29:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "32" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/30/2011 12:29:28 AM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The process cannot access the file because it is being used by another process.
8/30/2011 12:28:53 AM, Error: Application Popup [877] - There was error [DATABASE OPEN FAILED] processing the driver database.
8/30/2011 12:24:53 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Symantec Settings Manager service to connect.
8/30/2011 12:16:59 AM, Error: Service Control Manager [7030] - The Symantec Management Client service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/30/2011 12:01:14 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
8/26/2011 9:56:45 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Partizan
8/26/2011 9:25:18 AM, Error: Application Popup [1060] - \??\C:\windows\SysWow64\Drivers\regguard.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/26/2011 2:56:12 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer SASQUATCHER9000 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{30583A1B-844B-4A5A-B180-340E8008E736}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:35 AM

Posted 02 September 2011 - 12:48 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr

Posted 04 September 2011 - 11:27 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#6 kvnb

Posted 05 September 2011 - 04:30 PM

Sorry, I've been busy these last few days. I just have a question, though--from what I understand, Combofix has the potential to do irreversible damage if I do something wrong, right? I'm the kind of person who screws up a lot, so I'm just a little nervous to try it.

#7 gringo_pr

Posted 05 September 2011 - 07:39 PM

I have used it on a lot of computers.

Combofix makes backups of everything it does, and I have a great support group if something goes wrong.



gringo

#8 kvnb

Posted 07 September 2011 - 09:32 AM

Okay, thanks. I'm busy until later tonight, but I plan to run it then.

#9 gringo_pr

Posted 07 September 2011 - 10:22 AM

:thumbup2:

#10 kvnb

Posted 09 September 2011 - 08:28 AM

OK, so I ran Combofix last night. It seems to have screwed something up. Now, whenever I try to run any program, it gives me an error message--something about performing an illegal action with a registry key that was marked for deletion. (I'm currently posting on a public computer) It did give me a log though, so I'm going to try and grab it with a flash drive and post it later today. Hopefully this can be fixed...

#11 kvnb

Posted 09 September 2011 - 09:36 AM

Disregard that last post--I rebooted my computer and all seems fine. I've tried several google searches and have not been redirected, although I suppose I could just have been lucky.

Anyway, here's the log:

ComboFix 11-09-08.03 - Kevin 09/08/2011 21:48:14.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3895.2364 [GMT -4:00]
Running from: c:\users\Kevin\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kevin\AppData\Local\h6ve88fkf4k0i503wweq28u3i3t0b2s
c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Fix Disk
c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Fix Disk\Uninstall Windows Fix Disk.lnk
c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Fix Disk\Windows Fix Disk.lnk
c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Templates\h6ve88fkf4k0i503wweq28u3i3t0b2s
c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\cfjbqc99.default\extensions\{e949881f-2ebb-465c-a939-a9458ad75c13}
c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\cfjbqc99.default\extensions\{e949881f-2ebb-465c-a939-a9458ad75c13}\chrome.manifest
c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\cfjbqc99.default\extensions\{e949881f-2ebb-465c-a939-a9458ad75c13}\chrome\xulcache.jar
c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\cfjbqc99.default\extensions\{e949881f-2ebb-465c-a939-a9458ad75c13}\defaults\preferences\xulcache.js
c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\cfjbqc99.default\extensions\{e949881f-2ebb-465c-a939-a9458ad75c13}\install.rdf
c:\users\Kevin\Desktop\Windows Fix Disk.lnk
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_BITS32
-------\Service_RpcSs32
.
.
((((((((((((((((((((((((( Files Created from 2011-08-09 to 2011-09-09 )))))))))))))))))))))))))))))))
.
.
2011-09-09 04:02 . 2011-09-09 04:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-30 04:25 . 2011-08-30 04:25 -------- d-----w- c:\program files\Symantec
2011-08-30 04:21 . 2011-08-30 04:21 -------- d-----w- c:\users\Kevin\AppData\Local\Symantec
2011-08-30 04:16 . 2007-03-22 00:39 1060864 ----a-w- c:\windows\SysWow64\MFC71.DLL
2011-08-30 04:16 . 2007-03-22 00:33 503808 ----a-w- c:\windows\SysWow64\MSVCP71.DLL
2011-08-30 04:16 . 2007-03-22 00:33 348160 ----a-w- c:\windows\SysWow64\MSVCR71.DLL
2011-08-30 04:15 . 2011-08-30 04:16 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-08-30 04:15 . 2011-08-30 04:24 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2011-08-30 04:15 . 2011-08-30 04:24 -------- d-----w- c:\programdata\Symantec
2011-08-30 04:15 . 2011-08-30 04:16 -------- d-----w- c:\program files (x86)\Symantec
2011-08-30 04:06 . 2011-08-30 04:06 -------- d-----w- c:\windows\system32\SPReview
2011-08-30 04:04 . 2011-08-30 04:04 -------- d-----w- c:\windows\system32\EventProviders
2011-08-26 13:35 . 2011-08-26 13:35 25160 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-26 13:35 . 2011-08-26 13:35 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-08-26 13:34 . 2011-08-26 13:35 -------- d-----w- c:\programdata\Hitman Pro
2011-08-26 03:28 . 2011-08-26 03:28 -------- d-----w- c:\users\Kevin\AppData\Roaming\SUPERAntiSpyware.com
2011-08-26 03:28 . 2011-08-26 03:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-26 03:28 . 2011-08-26 03:28 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-26 01:56 . 2011-08-26 01:56 39192 ----a-w- c:\windows\system32\Partizan.exe
2011-08-26 01:55 . 2011-08-26 01:55 2 --shatr- c:\windows\winstart.bat
2011-08-26 01:54 . 2011-08-26 14:00 -------- d-----w- c:\program files (x86)\UnHackMe
2011-08-24 12:53 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-24 12:53 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-08-20 19:57 . 2011-08-20 19:57 -------- d-----w- c:\windows\Sun
2011-08-20 19:07 . 2011-08-26 19:44 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-11 00:51 . 2011-06-24 05:34 214528 ----a-w- c:\windows\system32\winsrv.dll
2011-08-11 00:51 . 2011-06-24 05:25 338432 ----a-w- c:\windows\system32\conhost.exe
2011-08-11 00:51 . 2011-07-16 05:41 243200 ----a-w- c:\windows\system32\wow64.dll
2011-08-11 00:51 . 2011-07-16 05:37 421888 ----a-w- c:\windows\system32\KernelBase.dll
2011-08-11 00:51 . 2011-07-16 04:25 25600 ----a-w- c:\windows\SysWow64\setup16.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-30 04:19 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-08-30 04:19 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-07-16 04:26 . 2011-08-11 00:51 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-06 23:52 . 2010-08-17 01:22 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 23:52 . 2010-08-17 01:22 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 5471104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-23 284696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2011-06-28 1486392]
"DellSupportCenter"="c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-1 1079584]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AeLookupSvc32;Application Experience ;c:\programdata\msyuv32.exe [x]
R2 AESTFilters32;Andrea ST Filters Service ;c:\programdata\webservices32.exe [x]
R2 ALG3232;Application Layer Gateway Service ;c:\programdata\KBDDIV132.exe [x]
R2 ALG323232;Application Layer Gateway Service ;c:\programdata\TaskSchdPS32.exe [x]
R2 AppIDSvc32;Application Identity ;c:\programdata\irclass32.exe [x]
R2 AppIDSvc3232;Application Identity ;c:\programdata\networkexplorer32.exe [x]
R2 AppIDSvc323232;Application Identity ;c:\programdata\PortableDeviceStatus32.exe [x]
R2 Appinfo32;Application Information ;c:\programdata\dnssdX32.exe [x]
R2 Appinfo3232;Application Information ;c:\programdata\catsrvut32.exe [x]
R2 Appinfo323232;Application Information ;c:\programdata\mprdim32.exe [x]
R2 Appinfo32323232;Application Information ;c:\programdata\mprapi32.exe [x]
R2 Apple Mobile Device32;Apple Mobile Device ;c:\programdata\NlsLexicons002032.exe [x]
R2 Apple Mobile Device323232;Apple Mobile Device ;c:\programdata\RstrtMgr32.exe [x]
R2 Apple Mobile Device32323232;Apple Mobile Device ;c:\programdata\dskquoui32.exe [x]
R2 Apple Mobile Device3232323232;Apple Mobile Device ;c:\programdata\fdPnp32.exe [x]
R2 aswUpdSv32;avast! iAVS4 Control Service ;c:\programdata\imapi2fs32.exe [x]
R2 aswUpdSv3232;avast! iAVS4 Control Service ;c:\programdata\NAPHLPR32.exe [x]
R2 AudioEndpointBuilder32;Windows Audio Endpoint Builder ;c:\programdata\msnetobj32.exe [x]
R2 AudioEndpointBuilder323232;Windows Audio Endpoint Builder ;c:\programdata\TSWorkspace32.exe [x]
R2 AudioEndpointBuilder3232323232;Windows Audio Endpoint Builder ;c:\programdata\KBDAZE32.exe [x]
R2 AudioEndpointBuilder323232323232;Windows Audio Endpoint Builder ;c:\programdata\iassam32.exe [x]
R2 AudioSrv32;Windows Audio ;c:\programdata\iyuv_3232.exe [x]
R2 AudioSrv323232;Windows Audio ;c:\programdata\nlsbres32.exe [x]
R2 AudioSrv32323232;Windows Audio ;c:\programdata\msexch4032.exe [x]
R2 AudioSrv3232323232;Windows Audio ;c:\programdata\winsockhc32.exe [x]
R2 avast! Antivirus32;avast! Antivirus ;c:\programdata\KBDTUF32.exe [x]
R2 avast! Antivirus3232;avast! Antivirus ;c:\programdata\KBDLA32.exe [x]
R2 avast! Antivirus323232;avast! Antivirus ;c:\programdata\wsecedit32.exe [x]
R2 avast! Antivirus32323232;avast! Antivirus ;c:\programdata\KBDYAK32.exe [x]
R2 avast! Mail Scanner32;avast! Mail Scanner ;c:\programdata\api-ms-win-service-management-l1-1-032.exe [x]
R2 avast! Web Scanner32;avast! Web Scanner ;c:\programdata\KBDINBE132.exe [x]
R2 avast! Web Scanner3232;avast! Web Scanner ;c:\programdata\uniplat32.exe [x]
R2 avast! Web Scanner323232;avast! Web Scanner ;c:\programdata\d3d1132.exe [x]
R2 avast! Web Scanner323232323232;avast! Web Scanner ;c:\programdata\igd10umd3232.exe [x]
R2 AxInstSV32;ActiveX Installer (AxInstSV) ;c:\programdata\KBDDIV232.exe [x]
R2 AxInstSV3232;ActiveX Installer (AxInstSV) ;c:\programdata\msxml432.exe [x]
R2 BDESVC32;BitLocker Drive Encryption Service ;c:\programdata\d3dramp32.exe [x]
R2 BDESVC3232;BitLocker Drive Encryption Service ;c:\programdata\fdBth32.exe [x]
R2 BDESVC323232;BitLocker Drive Encryption Service ;c:\programdata\cnvfat32.exe [x]
R2 BDESVC32323232;BitLocker Drive Encryption Service ;c:\programdata\RASMM32.exe [x]
R2 BDESVC3232323232;BitLocker Drive Encryption Service ;c:\programdata\udhisapi32.exe [x]
R2 BFE32;Base Filtering Engine ;c:\programdata\imagesp132.exe [x]
R2 BITS3232;Background Intelligent Transfer Service ;c:\programdata\ActionCenter32.exe [x]
R2 Bonjour Service323232;Bonjour Service ;c:\programdata\asferror32.exe [x]
R2 Bonjour Service32323232;Bonjour Service ;c:\programdata\srvcli32.exe [x]
R2 Bonjour Service3232323232;Bonjour Service ;c:\programdata\adsldp32.exe [x]
R2 Bonjour Service323232323232;Bonjour Service ;c:\programdata\cmlua32.exe [x]
R2 Bonjour Service32323232323232;Bonjour Service ;c:\programdata\qdv32.exe [x]
R2 Bonjour Service3232323232323232;Bonjour Service ;c:\programdata\samlib32.exe [x]
R2 Bonjour Service323232323232323232;Bonjour Service ;c:\programdata\NlsData000032.exe [x]
R2 Browser32;Computer Browser ;c:\programdata\odtext3232.exe [x]
R2 bthserv32;Bluetooth Support Service ;c:\programdata\wmpeffects32.exe [x]
R2 bthserv323232;Bluetooth Support Service ;c:\programdata\tcpipcfg32.exe [x]
R2 bthserv32323232;Bluetooth Support Service ;c:\programdata\winrssrv32.exe [x]
R2 btwdins32;Bluetooth Service ;c:\programdata\RpcNs432.exe [x]
R2 btwdins323232;Bluetooth Service ;c:\programdata\mswstr1032.exe [x]
R2 btwdins32323232;Bluetooth Service ;c:\programdata\audiodev32.exe [x]
R2 clr_optimization_v2.0.50727_323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;c:\programdata\wiadefui32.exe [x]
R2 clr_optimization_v2.0.50727_32323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;c:\programdata\ole232.exe [x]
R2 clr_optimization_v2.0.50727_3232323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;c:\programdata\utildll32.exe [x]
R2 clr_optimization_v2.0.50727_323232323232;Microsoft .NET Framework NGEN v2.0.50727_X86 ;c:\programdata\iasads32.exe [x]
R2 clr_optimization_v2.0.50727_6432;Microsoft .NET Framework NGEN v2.0.50727_X64 ;c:\programdata\winnsi32.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_3232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;c:\programdata\api-ms-win-core-heap-l1-1-032.exe [x]
R2 clr_optimization_v4.0.30319_3232323232;Microsoft .NET Framework NGEN v4.0.30319_X86 ;c:\programdata\iernonce32.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 clr_optimization_v4.0.30319_643232;Microsoft .NET Framework NGEN v4.0.30319_X64 ;c:\programdata\cryptnet32.exe [x]
R2 clr_optimization_v4.0.30319_64323232;Microsoft .NET Framework NGEN v4.0.30319_X64 ;c:\programdata\napdsnap32.exe [x]
R2 COMSysApp32;COM+ System Application ;c:\programdata\KBDGAE32.exe [x]
R2 COMSysApp323232;COM+ System Application ;c:\programdata\wmi32.exe [x]
R2 COMSysApp32323232;COM+ System Application ;c:\programdata\NlsLexicons001932.exe [x]
R2 CryptSvc323232;Cryptographic Services ;c:\programdata\dinput832.exe [x]
R2 CryptSvc32323232;Cryptographic Services ;c:\programdata\dmime32.exe [x]
R2 CryptSvc3232323232;Cryptographic Services ;c:\programdata\mswdat1032.exe [x]
R2 defragsvc32;Disk Defragmenter ;c:\programdata\KBDINKAN32.exe [x]
R2 defragsvc323232;Disk Defragmenter ;c:\programdata\iologmsg32.exe [x]
R2 defragsvc32323232;Disk Defragmenter ;c:\programdata\dhcpsapi32.exe [x]
R2 defragsvc32323232323232;Disk Defragmenter ;c:\programdata\NlsLexicons000232.exe [x]
R2 defragsvc3232323232323232;Disk Defragmenter ;c:\programdata\NlsData0c1a32.exe [x]
R2 Dhcp32;DHCP Client ;c:\programdata\KBDMLT4832.exe [x]
R2 Dnscache32;DNS Client ;c:\programdata\mtxclu32.exe [x]
R2 DockLoginService32;Dock Login Service ;c:\programdata\spwinsat32.exe [x]
R2 DockLoginService3232;Dock Login Service ;c:\programdata\KBDRO32.exe [x]
R2 DockLoginService323232;Dock Login Service ;c:\programdata\xolehlp32.exe [x]
R2 DPS32;Diagnostic Policy Service ;c:\programdata\msiltcfg32.exe [x]
R2 DPS323232;Diagnostic Policy Service ;c:\programdata\WinSATAPI32.exe [x]
R2 DPS32323232;Diagnostic Policy Service ;c:\programdata\cngaudit32.exe [x]
R2 DPS3232323232;Diagnostic Policy Service ;c:\programdata\mfc40u32.exe [x]
R2 DPS323232323232;Diagnostic Policy Service ;c:\programdata\msvcrt2032.exe [x]
R2 EapHost32;Extensible Authentication Protocol ;c:\programdata\racpldlg32.exe [x]
R2 EapHost3232;Extensible Authentication Protocol ;c:\programdata\perfnet32.exe [x]
R2 EapHost323232;Extensible Authentication Protocol ;c:\programdata\qcap32.exe [x]
R2 EapHost32323232;Extensible Authentication Protocol ;c:\programdata\t2embed32.exe [x]
R2 EapHost3232323232;Extensible Authentication Protocol ;c:\programdata\bcryptprimitives32.exe [x]
R2 EFS32;Encrypting File System (EFS) ;c:\programdata\msshooks32.exe [x]
R2 EFS3232;Encrypting File System (EFS) ;c:\programdata\WinSyncProviders32.exe [x]
R2 EFS323232;Encrypting File System (EFS) ;c:\programdata\hid32.exe [x]
R2 ehRecvr3232;Windows Media Center Receiver Service ;c:\programdata\TapiSysprep32.exe [x]
R2 ehRecvr323232;Windows Media Center Receiver Service ;c:\programdata\api-ms-win-core-memory-l1-1-032.exe [x]
R2 ehRecvr32323232;Windows Media Center Receiver Service ;c:\programdata\msltus4032.exe [x]
R2 ehRecvr3232323232;Windows Media Center Receiver Service ;c:\programdata\authz32.exe [x]
R2 ehRecvr323232323232;Windows Media Center Receiver Service ;c:\programdata\msrle3232.exe [x]
R2 ehSched323232;Windows Media Center Scheduler Service ;c:\programdata\wmiprop32.exe [x]
R2 ehSched3232323232;Windows Media Center Scheduler Service ;c:\programdata\xwizards32.exe [x]
R2 ehSched323232323232;Windows Media Center Scheduler Service ;c:\programdata\iepeers32.exe [x]
R2 eventlog32;Windows Event Log ;c:\programdata\NlsData081a32.exe [x]
R2 eventlog3232;Windows Event Log ;c:\programdata\lz3232.exe [x]
R2 eventlog323232;Windows Event Log ;c:\programdata\PortableDeviceWiaCompat32.exe [x]
R2 eventlog32323232;Windows Event Log ;c:\programdata\hnetcfg32.exe [x]
R2 eventlog3232323232;Windows Event Log ;c:\programdata\syncui32.exe [x]
R2 EventSystem32;COM+ Event System ;c:\programdata\xwtpw3232.exe [x]
R2 EventSystem3232;COM+ Event System ;c:\programdata\msjint4032.exe [x]
R2 EventSystem323232;COM+ Event System ;c:\programdata\shimgvw32.exe [x]
R2 Fax3232;Fax ;c:\programdata\sqlwid32.exe [x]
R2 fdPHost32;Function Discovery Provider Host ;c:\programdata\KBDRU32.exe [x]
R2 FDResPub32;Function Discovery Resource Publication ;c:\programdata\prnfldr32.exe [x]
R2 FDResPub3232;Function Discovery Resource Publication ;c:\programdata\shacct32.exe [x]
R2 FontCache3.0.0.032;Windows Presentation Foundation Font Cache 3.0.0.0 ;c:\programdata\slwga32.exe [x]
R2 FontCache32;Windows Font Cache Service ;c:\programdata\nlmgp32.exe [x]
R2 FontCache3232;Windows Font Cache Service ;c:\programdata\gcdef32.exe [x]
R2 FontCache323232;Windows Font Cache Service ;c:\programdata\kbdnec9532.exe [x]
R2 GameConsoleService32;GameConsoleService ;c:\programdata\kbdax232.exe [x]
R2 GameConsoleService3232;GameConsoleService ;c:\programdata\ctl3d3232.exe [x]
R2 GameConsoleService323232;GameConsoleService ;c:\programdata\txfw3232.exe [x]
R2 GameConsoleService32323232;GameConsoleService ;c:\programdata\fontsub32.exe [x]
R2 GoToAssist32;GoToAssist ;c:\programdata\NlsData004a32.exe [x]
R2 GoToAssist3232;GoToAssist ;c:\programdata\NlsData003932.exe [x]
R2 GoToAssist323232;GoToAssist ;c:\programdata\mscpxl3232.exe [x]
R2 GoToAssist32323232;GoToAssist ;c:\programdata\QUTIL32.exe [x]
R2 hidserv32;Human Interface Device Access ;c:\programdata\DDOIProxy32.exe [x]
R2 hidserv32323232;Human Interface Device Access ;c:\programdata\ntshrui32.exe [x]
R2 hkmsvc32;Health Key and Certificate Management ;c:\programdata\msdelta32.exe [x]
R2 hkmsvc3232;Health Key and Certificate Management ;c:\programdata\msrepl4032.exe [x]
R2 hkmsvc323232;Health Key and Certificate Management ;c:\programdata\KBDIT14232.exe [x]
R2 hkmsvc323232323232;Health Key and Certificate Management ;c:\programdata\KBDDA32.exe [x]
R2 hkmsvc32323232323232;Health Key and Certificate Management ;c:\programdata\MCEWMDRMNDBootstrap32.exe [x]
R2 hkmsvc3232323232323232;Health Key and Certificate Management ;c:\programdata\cmifw32.exe [x]
R2 hkmsvc323232323232323232;Health Key and Certificate Management ;c:\programdata\XpsGdiConverter32.exe [x]
R2 HomeGroupListener32;HomeGroup Listener ;c:\programdata\scrrun32.exe [x]
R2 HomeGroupListener3232;HomeGroup Listener ;c:\programdata\winrscmd32.exe [x]
R2 IAStorDataMgrSvc32;Intel® Rapid Storage Technology ;c:\programdata\evr32.exe [x]
R2 IAStorDataMgrSvc32323232;Intel® Rapid Storage Technology ;c:\programdata\dmintf32.exe [x]
R2 IAStorDataMgrSvc3232323232;Intel® Rapid Storage Technology ;c:\programdata\WMVSDECD32.exe [x]
R2 IAStorDataMgrSvc323232323232;Intel® Rapid Storage Technology ;c:\programdata\WindowsCodecs32.exe [x]
R2 idsvc32;Windows CardSpace ;c:\programdata\msdtcuiu32.exe [x]
R2 idsvc3232;Windows CardSpace ;c:\programdata\acppage32.exe [x]
R2 idsvc323232;Windows CardSpace ;c:\programdata\jdns_sd32.exe [x]
R2 IKEEXT32;IKE and AuthIP IPsec Keying Modules ;c:\programdata\d3d10_132.exe [x]
R2 IKEEXT3232;IKE and AuthIP IPsec Keying Modules ;c:\programdata\wups32.exe [x]
R2 IPBusEnum32;PnP-X IP Bus Enumerator ;c:\programdata\msdtcVSp1res32.exe [x]
R2 IPBusEnum3232;PnP-X IP Bus Enumerator ;c:\programdata\mfreadwrite32.exe [x]
R2 IPBusEnum323232;PnP-X IP Bus Enumerator ;c:\programdata\WMSPDMOD32.exe [x]
R2 IPBusEnum32323232;PnP-X IP Bus Enumerator ;c:\programdata\dmdskmgr32.exe [x]
R2 KeyIso3232;CNG Key Isolation ;c:\programdata\linkinfo32.exe [x]
R2 KeyIso323232;CNG Key Isolation ;c:\programdata\KBDUKX32.exe [x]
R2 KtmRm32;KtmRm for Distributed Transaction Coordinator ;c:\programdata\NaturalLanguage632.exe [x]
R2 LanmanServer32;Server ;c:\programdata\dciman3232.exe [x]
R2 LanmanServer3232;Server ;c:\programdata\AUDIOKSE32.exe [x]
R2 LanmanServer323232;Server ;c:\programdata\perfctrs32.exe [x]
R2 lltdsvc32;Link-Layer Topology Discovery Mapper ;c:\programdata\d3d8thk32.exe [x]
R2 lltdsvc3232;Link-Layer Topology Discovery Mapper ;c:\programdata\l2gpstore32.exe [x]
R2 lltdsvc323232;Link-Layer Topology Discovery Mapper ;c:\programdata\apphelp32.exe [x]
R2 lltdsvc32323232;Link-Layer Topology Discovery Mapper ;c:\programdata\fundisc32.exe [x]
R2 lltdsvc3232323232;Link-Layer Topology Discovery Mapper ;c:\programdata\NlsLexicons000132.exe [x]
R2 lltdsvc323232323232;Link-Layer Topology Discovery Mapper ;c:\programdata\SSShim32.exe [x]
R2 lmhosts32;TCP/IP NetBIOS Helper ;c:\programdata\mf321632.exe [x]
R2 lmhosts3232;TCP/IP NetBIOS Helper ;c:\programdata\comctl3232.exe [x]
R2 LMS323232;Intel® Management and Security Application Local Management Service ;c:\programdata\rasser32.exe [x]
R2 LMS32323232;Intel® Management and Security Application Local Management Service ;c:\programdata\msscntrs32.exe [x]
R2 MBAMService32;MBAMService ;c:\programdata\KBDNO32.exe [x]
R2 MBAMService3232;MBAMService ;c:\programdata\netfxperf32.exe [x]
R2 MBAMService323232;MBAMService ;c:\programdata\efsutil32.exe [x]
R2 McMPFSvc32;McAfee Personal Firewall Service ;c:\programdata\WinSCard32.exe [x]
R2 mcmscsvc323232;McAfee Services ;c:\programdata\SearchFolder32.exe [x]
R2 McNaiAnn3232;McAfee VirusScan Announcer ;c:\programdata\basecsp32.exe [x]
R2 McNaiAnn323232;McAfee VirusScan Announcer ;c:\programdata\srclient32.exe [x]
R2 McNaiAnn32323232;McAfee VirusScan Announcer ;c:\programdata\wlancfg32.exe [x]
R2 McNaiAnn3232323232;McAfee VirusScan Announcer ;c:\programdata\NlsData001332.exe [x]
R2 McNASvc32323232;McAfee Network Agent ;c:\programdata\iprtprio32.exe [x]
R2 McNASvc3232323232;McAfee Network Agent ;c:\programdata\offfilt32.exe [x]
R2 McNASvc323232323232;McAfee Network Agent ;c:\programdata\dot3ui32.exe [x]
R2 McNASvc32323232323232;McAfee Network Agent ;c:\programdata\rasplap32.exe [x]
R2 McNASvc3232323232323232;McAfee Network Agent ;c:\programdata\spp32.exe [x]
R2 McNASvc323232323232323232;McAfee Network Agent ;c:\programdata\netbios32.exe [x]
R2 McODS32;McAfee Scanner ;c:\programdata\wow3232.exe [x]
R2 McODS3232;McAfee Scanner ;c:\programdata\NlsData001932.exe [x]
R2 McOobeSv32;McAfee OOBE Service ;c:\programdata\untfs32.exe [x]
R2 McOobeSv323232;McAfee OOBE Service ;c:\programdata\msxml332.exe [x]
R2 McOobeSv32323232;McAfee OOBE Service ;c:\programdata\dhcpcore632.exe [x]
R2 McOobeSv323232323232;McAfee OOBE Service ;c:\programdata\ipsmsnap32.exe [x]
R2 McOobeSv32323232323232;McAfee OOBE Service ;c:\programdata\Syncreg32.exe [x]
R2 McOobeSv3232323232323232;McAfee OOBE Service ;c:\programdata\fltLib32.exe [x]
R2 McOobeSv323232323232323232;McAfee OOBE Service ;c:\programdata\url32.exe [x]
R2 McProxy32;McAfee Proxy Service ;c:\programdata\KBDINGUJ32.exe [x]
R2 McProxy3232;McAfee Proxy Service ;c:\programdata\mfds32.exe [x]
R2 McProxy323232;McAfee Proxy Service ;c:\programdata\sppwmi32.exe [x]
R2 Mcx2Svc32;Media Center Extender Service ;c:\programdata\netshell32.exe [x]
R2 Mcx2Svc3232;Media Center Extender Service ;c:\programdata\NlsData000d32.exe [x]
R2 Mcx2Svc323232;Media Center Extender Service ;c:\programdata\dpnhupnp32.exe [x]
R2 Mcx2Svc32323232;Media Center Extender Service ;c:\programdata\mimefilt32.exe [x]
R2 mfefire32;McAfee Firewall Core Service ;c:\programdata\mscoree32.exe [x]
R2 mfefire3232;McAfee Firewall Core Service ;c:\programdata\NlsData001832.exe [x]
R2 mfefire323232;McAfee Firewall Core Service ;c:\programdata\cmutil32.exe [x]
R2 mfevtp3232;McAfee Validation Trust Protection Service ;c:\programdata\taskcomp32.exe [x]
R2 mfevtp323232;McAfee Validation Trust Protection Service ;c:\programdata\adsmsext32.exe [x]
R2 mfevtp32323232;McAfee Validation Trust Protection Service ;c:\programdata\dmusic32.exe [x]
R2 mfevtp3232323232;McAfee Validation Trust Protection Service ;c:\programdata\d3dx9_3232.exe [x]
R2 mfevtp323232323232;McAfee Validation Trust Protection Service ;c:\programdata\riched3232.exe [x]
R2 Microsoft SharePoint Workspace Audit Service32;Microsoft SharePoint Workspace Audit Service ;c:\programdata\KBDARME32.exe [x]
R2 Microsoft SharePoint Workspace Audit Service3232;Microsoft SharePoint Workspace Audit Service ;c:\programdata\mssvp32.exe [x]
R2 Microsoft SharePoint Workspace Audit Service323232;Microsoft SharePoint Workspace Audit Service ;c:\programdata\gptext32.exe [x]
R2 Microsoft SharePoint Workspace Audit Service32323232;Microsoft SharePoint Workspace Audit Service ;c:\programdata\shwebsvc32.exe [x]
R2 MMCSS32;Multimedia Class Scheduler ;c:\programdata\chtbrkr32.exe [x]
R2 MMCSS3232;Multimedia Class Scheduler ;c:\programdata\comcat32.exe [x]
R2 MMCSS323232;Multimedia Class Scheduler ;c:\programdata\pautoenr32.exe [x]
R2 MMCSS32323232;Multimedia Class Scheduler ;c:\programdata\vssapi32.exe [x]
R2 MMCSS3232323232;Multimedia Class Scheduler ;c:\programdata\KBDSYR132.exe [x]
R2 MpsSvc32;Windows Firewall ;c:\programdata\NlsLexicons000f32.exe [x]
R2 MpsSvc3232;Windows Firewall ;c:\programdata\mdminst32.exe [x]
R2 MpsSvc323232;Windows Firewall ;c:\programdata\pots32.exe [x]
R2 MSDTC32;Distributed Transaction Coordinator ;c:\programdata\MP43DECD32.exe [x]
R2 MSDTC3232;Distributed Transaction Coordinator ;c:\programdata\msftedit32.exe [x]
R2 MSiSCSI32;Microsoft iSCSI Initiator Service ;c:\programdata\rasman32.exe [x]
R2 MSiSCSI323232;Microsoft iSCSI Initiator Service ;c:\programdata\cca32.exe [x]
R2 msiserver32;Windows Installer ;c:\programdata\ifsutil32.exe [x]
R2 msiserver3232;Windows Installer ;c:\programdata\NlsLexicons000732.exe [x]
R2 msiserver323232;Windows Installer ;c:\programdata\cmicryptinstall32.exe [x]
R2 msiserver32323232;Windows Installer ;c:\programdata\credssp32.exe [x]
R2 msiserver3232323232;Windows Installer ;c:\programdata\WiaExtensionHost6432.exe [x]
R2 msiserver323232323232;Windows Installer ;c:\programdata\rasapi3232.exe [x]
R2 napagent3232;Network Access Protection Agent ;c:\programdata\msrdc32.exe [x]
R2 Netlogon32;Netlogon ;c:\programdata\KBDFI32.exe [x]
R2 Netman3232;Network Connections ;c:\programdata\dmsynth32.exe [x]
R2 netprofm32;Network List Service ;c:\programdata\vds_ps32.exe [x]
R2 netprofm3232;Network List Service ;c:\programdata\spwizres32.exe [x]
R2 netprofm323232;Network List Service ;c:\programdata\wmpsrcwp32.exe [x]
R2 NetTcpPortSharing32;Net.Tcp Port Sharing Service ;c:\programdata\icardie32.exe [x]
R2 NetTcpPortSharing3232;Net.Tcp Port Sharing Service ;c:\programdata\osbaseln32.exe [x]
R2 NlaSvc32;Network Location Awareness ;c:\programdata\newdev32.exe [x]
R2 NlaSvc3232;Network Location Awareness ;c:\programdata\wshbth32.exe [x]
R2 NlaSvc323232;Network Location Awareness ;c:\programdata\avifil3232.exe [x]
R2 nsi3232;Network Store Interface Service ;c:\programdata\dnssd32.exe [x]
R2 nsi323232;Network Store Interface Service ;c:\programdata\api-ms-win-security-lsalookup-l1-1-032.exe [x]
R2 nsi32323232;Network Store Interface Service ;c:\programdata\PresentationHostProxy32.exe [x]
R2 osppsvc32;Office Software Protection Platform ;c:\programdata\keymgr32.exe [x]
R2 osppsvc3232;Office Software Protection Platform ;c:\programdata\comuid32.exe [x]
R2 p2pimsvc32;Peer Networking Identity Manager ;c:\programdata\slc32.exe [x]
R2 p2pimsvc3232;Peer Networking Identity Manager ;c:\programdata\ucmhc32.exe [x]
R2 p2psvc32;Peer Networking Grouping ;c:\programdata\mfcsubs32.exe [x]
R2 p2psvc3232;Peer Networking Grouping ;c:\programdata\eventcls32.exe [x]
R2 PcaSvc3232;Program Compatibility Assistant Service ;c:\programdata\NlsLexicons004532.exe [x]
R2 PerfHost32;Performance Counter DLL Host ;c:\programdata\kerberos32.exe [x]
R2 PerfHost3232;Performance Counter DLL Host ;c:\programdata\tapiperf32.exe [x]
R2 PerfHost323232;Performance Counter DLL Host ;c:\programdata\msidcrl3032.exe [x]
R2 PerfHost32323232;Performance Counter DLL Host ;c:\programdata\devrtl32.exe [x]
R2 Pharos Systems ComTaskMaster32;Pharos Systems ComTaskMaster ;c:\programdata\Query32.exe [x]
R2 Pharos Systems ComTaskMaster3232;Pharos Systems ComTaskMaster ;c:\programdata\p2pcollab32.exe [x]
R2 Pharos Systems ComTaskMaster323232;Pharos Systems ComTaskMaster ;c:\programdata\apircl32.exe [x]
R2 PlugPlay32;Plug and Play ;c:\programdata\whhelper32.exe [x]
R2 PlugPlay3232;Plug and Play ;c:\programdata\comres32.exe [x]
R2 PlugPlay323232;Plug and Play ;c:\programdata\tapiui32.exe [x]
R2 PNRPAutoReg32;PNRP Machine Name Publication Service ;c:\programdata\XInput9_1_032.exe [x]
R2 PNRPAutoReg3232;PNRP Machine Name Publication Service ;c:\programdata\igdumd3232.exe [x]
R2 PNRPAutoReg3232323232;PNRP Machine Name Publication Service ;c:\programdata\qasf32.exe [x]
R2 PolicyAgent32;IPsec Policy Agent ;c:\programdata\dbgeng32.exe [x]
R2 PolicyAgent323232;IPsec Policy Agent ;c:\programdata\mf32.exe [x]
R2 PolicyAgent32323232;IPsec Policy Agent ;c:\programdata\tquery32.exe [x]
R2 PolicyAgent3232323232;IPsec Policy Agent ;c:\programdata\NlsData002132.exe [x]
R2 PolicyAgent323232323232;IPsec Policy Agent ;c:\programdata\SyncInfrastructure32.exe [x]
R2 Power32;Power ;c:\programdata\vss_ps32.exe [x]
R2 Power3232;Power ;c:\programdata\ulib32.exe [x]
R2 Power323232;Power ;c:\programdata\netapi3232.exe [x]
R2 Power32323232;Power ;c:\programdata\msports32.exe [x]
R2 ProfSvc32;User Profile Service ;c:\programdata\api-ms-win-core-util-l1-1-032.exe [x]
R2 ProfSvc32323232;User Profile Service ;c:\programdata\api-ms-win-core-profile-l1-1-032.exe [x]
R2 ProfSvc3232323232;User Profile Service ;c:\programdata\KBDIT32.exe [x]
R2 ProtectedStorage3232;Protected Storage ;c:\programdata\EhStorShell32.exe [x]
R2 ProtectedStorage323232;Protected Storage ;c:\programdata\ntprint32.exe [x]
R2 ProtectedStorage32323232;Protected Storage ;c:\programdata\WMVXENCD32.exe [x]
R2 QWAVE3232;Quality Windows Audio Video Experience ;c:\programdata\api-ms-win-core-processenvironment-l1-1-032.exe [x]
R2 QWAVE323232;Quality Windows Audio Video Experience ;c:\programdata\ntlanman32.exe [x]
R2 QWAVE32323232;Quality Windows Audio Video Experience ;c:\programdata\rasgcw32.exe [x]
R2 QWAVE3232323232;Quality Windows Audio Video Experience ;c:\programdata\WebClnt32.exe [x]
R2 QWAVE323232323232;Quality Windows Audio Video Experience ;c:\programdata\wshelper32.exe [x]
R2 RasAuto32;Remote Access Auto Connection Manager ;c:\programdata\mapistub32.exe [x]
R2 RasAuto32323232;Remote Access Auto Connection Manager ;c:\programdata\api-ms-win-core-localization-l1-1-032.exe [x]
R2 RasMan32;Remote Access Connection Manager ;c:\programdata\kbdnec32.exe [x]
R2 RasMan3232;Remote Access Connection Manager ;c:\programdata\wzcdlg32.exe [x]
R2 RemoteAccess32;Routing and Remote Access ;c:\programdata\SyncInfrastructureps32.exe [x]
R2 RemoteAccess3232;Routing and Remote Access ;c:\programdata\netiohlp32.exe [x]
R2 RemoteRegistry3232;Remote Registry ;c:\programdata\msvcr100_clr040032.exe [x]
R2 RpcEptMapper32;RPC Endpoint Mapper ;c:\programdata\iassvcs32.exe [x]
R2 RpcEptMapper3232;RPC Endpoint Mapper ;c:\programdata\accessibilitycpl32.exe [x]
R2 RpcEptMapper323232;RPC Endpoint Mapper ;c:\programdata\SynTPCOM32.exe [x]
R2 RpcLocator323232;Remote Procedure Call (RPC) Locator ;c:\programdata\SensApi32.exe [x]
R2 RpcSs3232;Remote Procedure Call (RPC) ;c:\programdata\icm3232.exe [x]
R2 SamSs32;Security Accounts Manager ;c:\programdata\dxdiagn32.exe [x]
R2 SamSs3232;Security Accounts Manager ;c:\programdata\igdumdx3232.exe [x]
R2 SamSs323232;Security Accounts Manager ;c:\programdata\api-ms-win-core-file-l1-1-032.exe [x]
R2 SCardSvr32;Smart Card ;c:\programdata\api-ms-win-core-synch-l1-1-032.exe [x]
R2 SCardSvr3232;Smart Card ;c:\programdata\msorcl3232.exe [x]
R2 Schedule32;Task Scheduler ;c:\programdata\iasdatastore32.exe [x]
R2 Schedule3232;Task Scheduler ;c:\programdata\drt32.exe [x]
R2 Schedule32323232;Task Scheduler ;c:\programdata\capisp32.exe [x]
R2 Schedule3232323232;Task Scheduler ;c:\programdata\ndfhcdiscovery32.exe [x]
R2 SCPolicySvc32;Smart Card Removal Policy ;c:\programdata\MediaMetadataHandler32.exe [x]
R2 SCPolicySvc3232;Smart Card Removal Policy ;c:\programdata\msvfw3232.exe [x]
R2 SDRSVC32;Windows Backup ;c:\programdata\hnetmon32.exe [x]
R2 SDRSVC32323232;Windows Backup ;c:\programdata\wpcsvc32.exe [x]
R2 SDRSVC3232323232;Windows Backup ;c:\programdata\esentprf32.exe [x]
R2 SDRSVC323232323232;Windows Backup ;c:\programdata\netcenter32.exe [x]
R2 SDRSVC32323232323232;Windows Backup ;c:\programdata\PortableDeviceTypes32.exe [x]
R2 SeaPort32;SeaPort ;c:\programdata\wscisvif32.exe [x]
R2 SeaPort3232;SeaPort ;c:\programdata\NlsLexicons001b32.exe [x]
R2 seclogon323232;Secondary Logon ;c:\programdata\tvratings32.exe [x]
R2 seclogon32323232;Secondary Logon ;c:\programdata\comsvcs32.exe [x]
R2 SensrSvc3232;Adaptive Brightness ;c:\programdata\WlS0WndH32.exe [x]
R2 SessionEnv32;Remote Desktop Configuration ;c:\programdata\shellstyle32.exe [x]
R2 SessionEnv3232;Remote Desktop Configuration ;c:\programdata\wiascanprofiles32.exe [x]
R2 SftService323232323232;SoftThinks Agent Service ;c:\programdata\nshwfp32.exe [x]
R2 SftService3232323232323232;SoftThinks Agent Service ;c:\programdata\signdrv32.exe [x]
R2 SftService323232323232323232;SoftThinks Agent Service ;c:\programdata\dmocx32.exe [x]
R2 SharedAccess3232;Internet Connection Sharing (ICS) ;c:\programdata\KBDMAC32.exe [x]
R2 SharedAccess323232;Internet Connection Sharing (ICS) ;c:\programdata\ieakeng32.exe [x]
R2 SharedAccess32323232;Internet Connection Sharing (ICS) ;c:\programdata\winrsmgr32.exe [x]
R2 ShellHWDetection32;Shell Hardware Detection ;c:\programdata\KBDBLR32.exe [x]
R2 ShellHWDetection3232;Shell Hardware Detection ;c:\programdata\migisol32.exe [x]
R2 sppsvc3232;Software Protection ;c:\programdata\KBDTH032.exe [x]
R2 sppsvc323232;Software Protection ;c:\programdata\comsnap32.exe [x]
R2 sppsvc32323232;Software Protection ;c:\programdata\netcfgx32.exe [x]
R2 sppsvc3232323232;Software Protection ;c:\programdata\ir50_3232.exe [x]
R2 sppuinotify32;SPP Notification Service ;c:\windows\system32\shunimpl32.exe [x]
R2 sppuinotify3232;SPP Notification Service ;c:\programdata\atmlib32.exe [x]
R2 sprtsvc_DellSupportCenter32;SupportSoft Sprocket Service (DellSupportCenter) ;c:\programdata\api-ms-win-service-core-l1-1-032.exe [x]
R2 SSDPSRV323232;SSDP Discovery ;c:\programdata\panmap32.exe [x]
R2 SSDPSRV32323232;SSDP Discovery ;c:\programdata\winmm32.exe [x]
R2 SstpSvc32323232;Secure Socket Tunneling Protocol Service ;c:\programdata\filemgmt32.exe [x]
R2 stisvc32;Windows Image Acquisition (WIA) ;c:\programdata\cliconfg32.exe [x]
R2 stisvc3232;Windows Image Acquisition (WIA) ;c:\programdata\mtxdm32.exe [x]
R2 swprv32;Microsoft Software Shadow Copy Provider ;c:\programdata\iprtrmgr32.exe [x]
R2 swprv3232;Microsoft Software Shadow Copy Provider ;c:\programdata\RpcDiag32.exe [x]
R2 SysMain32;Superfetch ;c:\programdata\mfvdsp32.exe [x]
R2 TabletInputService32;Tablet PC Input Service ;c:\programdata\ocsetapi32.exe [x]
R2 TabletInputService3232;Tablet PC Input Service ;c:\programdata\winbrand32.exe [x]
R2 TabletInputService323232;Tablet PC Input Service ;c:\programdata\ias32.exe [x]
R2 TabletInputService32323232;Tablet PC Input Service ;c:\programdata\btpanui32.exe [x]
R2 TapiSrv32;Telephony ;c:\programdata\iassdo32.exe [x]
R2 TBS32;TPM Base Services ;c:\programdata\WWanAPI32.exe [x]
R2 TBS3232;TPM Base Services ;c:\programdata\api-ms-win-core-fibers-l1-1-032.exe [x]
R2 TBS323232;TPM Base Services ;c:\programdata\FXSRESM32.exe [x]
R2 TBS32323232;TPM Base Services ;c:\programdata\amxread32.exe [x]
R2 TermService32;Remote Desktop Services ;c:\programdata\msrating32.exe [x]
R2 TermService3232;Remote Desktop Services ;c:\programdata\rpcnsh32.exe [x]
R2 Themes32;Themes ;c:\programdata\WMVSENCD32.exe [x]
R2 TrkWks32;Distributed Link Tracking Client ;c:\programdata\atl32.exe [x]
R2 TrustedInstaller32;Windows Modules Installer ;c:\programdata\wlanapi32.exe [x]
R2 TrustedInstaller3232;Windows Modules Installer ;c:\programdata\infocardapi32.exe [x]
R2 TrustedInstaller323232;Windows Modules Installer ;c:\programdata\cewmdm32.exe [x]
R2 TrustedInstaller32323232;Windows Modules Installer ;c:\programdata\dsuiext32.exe [x]
R2 TrustedInstaller3232323232;Windows Modules Installer ;c:\programdata\WPDSp32.exe [x]
R2 TrustedInstaller323232323232;Windows Modules Installer ;c:\programdata\KBDSW32.exe [x]
R2 UI0Detect32;Interactive Services Detection ;c:\programdata\NlsLexicons004632.exe [x]
R2 UI0Detect323232;Interactive Services Detection ;c:\programdata\NlsData004b32.exe [x]
R2 UI0Detect323232323232;Interactive Services Detection ;c:\programdata\tdh32.exe [x]
R2 UNS32;Intel® Management & Security Application User Notification Service ;c:\programdata\KBDSF32.exe [x]
R2 UNS3232;Intel® Management & Security Application User Notification Service ;c:\programdata\rpcrt432.exe [x]
R2 UNS323232;Intel® Management & Security Application User Notification Service ;c:\programdata\synceng32.exe [x]
R2 UNS32323232;Intel® Management & Security Application User Notification Service ;c:\programdata\mscandui32.exe [x]
R2 upnphost32;UPnP Device Host ;c:\programdata\dmutil32.exe [x]
R2 upnphost32323232;UPnP Device Host ;c:\programdata\KBDHEPT32.exe [x]
R2 upnphost323232323232;UPnP Device Host ;c:\programdata\DXPTaskRingtone32.exe [x]
R2 upnphost32323232323232;UPnP Device Host ;c:\programdata\ole2disp32.exe [x]
R2 upnphost3232323232323232;UPnP Device Host ;c:\programdata\dmloader32.exe [x]
R2 VaultSvc3232;Credential Manager ;c:\programdata\KBDINMAR32.exe [x]
R2 VaultSvc323232;Credential Manager ;c:\programdata\dmscript32.exe [x]
R2 VaultSvc32323232;Credential Manager ;c:\programdata\autoplay32.exe [x]
R2 vds32;Virtual Disk ;c:\programdata\bitsprx232.exe [x]
R2 vds3232;Virtual Disk ;c:\programdata\cryptbase32.exe [x]
R2 vds32323232;Virtual Disk ;c:\programdata\KBDLT232.exe [x]
R2 vds3232323232;Virtual Disk ;c:\programdata\verifier32.exe [x]
R2 VSS32;Volume Shadow Copy ;c:\programdata\bitsprx532.exe [x]
R2 VSS3232;Volume Shadow Copy ;c:\programdata\user3232.exe [x]
R2 VSS323232;Volume Shadow Copy ;c:\programdata\nsi32.exe [x]
R2 VSS32323232;Volume Shadow Copy ;c:\programdata\KBDPO32.exe [x]
R2 VSS3232323232;Volume Shadow Copy ;c:\programdata\NlsLexicons001132.exe [x]
R2 VSS32323232323232;Volume Shadow Copy ;c:\programdata\oleacc32.exe [x]
R2 VSS3232323232323232;Volume Shadow Copy ;c:\programdata\BOOTVID32.exe [x]
R2 VSS323232323232323232;Volume Shadow Copy ;c:\programdata\KBDMONMO32.exe [x]
R2 W32Time32;Windows Time ;c:\programdata\api-ms-win-service-winsvc-l1-1-032.exe [x]
R2 W32Time32323232;Windows Time ;c:\programdata\KBDINDEV32.exe [x]
R2 W32Time3232323232;Windows Time ;c:\programdata\KBDUS32.exe [x]
R2 WatAdminSvc32;Windows Activation Technologies Service ;c:\programdata\kbdnecnt32.exe [x]
R2 WatAdminSvc3232;Windows Activation Technologies Service ;c:\programdata\blackbox32.exe [x]
R2 WatAdminSvc323232;Windows Activation Technologies Service ;c:\programdata\perfproc32.exe [x]
R2 wbengine32;Block Level Backup Engine Service ;c:\programdata\cdosys32.exe [x]
R2 wbengine3232;Block Level Backup Engine Service ;c:\programdata\iashlpr32.exe [x]
R2 wbengine32323232;Block Level Backup Engine Service ;c:\programdata\perfts32.exe [x]
R2 wbengine3232323232;Block Level Backup Engine Service ;c:\programdata\odbcji3232.exe [x]
R2 WbioSrvc3232;Windows Biometric Service ;c:\programdata\taskschd32.exe [x]
R2 WbioSrvc323232;Windows Biometric Service ;c:\programdata\KBDKYR32.exe [x]
R2 WbioSrvc32323232;Windows Biometric Service ;c:\programdata\aaclient32.exe [x]
R2 WbioSrvc323232323232;Windows Biometric Service ;c:\programdata\scksp32.exe [x]
R2 WbioSrvc32323232323232;Windows Biometric Service ;c:\programdata\admparse32.exe [x]
R2 WbioSrvc3232323232323232;Windows Biometric Service ;c:\programdata\devenum32.exe [x]
R2 wcncsvc32;Windows Connect Now - Config Registrar ;c:\programdata\icmp32.exe [x]
R2 wcncsvc3232;Windows Connect Now - Config Registrar ;c:\programdata\MSMPEG2ENC32.exe [x]
R2 wcncsvc323232;Windows Connect Now - Config Registrar ;c:\programdata\WMVDECOD32.exe [x]
R2 WcsPlugInService32323232;Windows Color System ;c:\programdata\eapphost32.exe [x]
R2 WcsPlugInService3232323232;Windows Color System ;c:\programdata\dpnet32.exe [x]
R2 WcsPlugInService323232323232;Windows Color System ;c:\programdata\normaliz32.exe [x]
R2 WcsPlugInService32323232323232;Windows Color System ;c:\programdata\msvcp6032.exe [x]
R2 WdiServiceHost3232;Diagnostic Service Host ;c:\programdata\colorui32.exe [x]
R2 WdiSystemHost32;Diagnostic System Host ;c:\programdata\winrnr32.exe [x]
R2 WdiSystemHost3232;Diagnostic System Host ;c:\programdata\UIAutomationCore32.exe [x]
R2 WdiSystemHost323232;Diagnostic System Host ;c:\programdata\KBDCZ32.exe [x]
R2 WdiSystemHost32323232;Diagnostic System Host ;c:\programdata\resutils32.exe [x]
R2 WdiSystemHost3232323232;Diagnostic System Host ;c:\programdata\comrepl32.exe [x]
R2 WdiSystemHost323232323232;Diagnostic System Host ;c:\programdata\wuapi32.exe [x]
R2 WdiSystemHost32323232323232;Diagnostic System Host ;c:\programdata\gameux32.exe [x]
R2 WdiSystemHost3232323232323232;Diagnostic System Host ;c:\programdata\NlsModels001132.exe [x]
R2 WebClient3232;WebClient ;c:\programdata\C_IS202232.exe [x]
R2 WebClient323232;WebClient ;c:\programdata\NlsLexicons000932.exe [x]
R2 Wecsvc32;Windows Event Collector ;c:\programdata\KBDTH132.exe [x]
R2 Wecsvc3232;Windows Event Collector ;c:\programdata\rasdiag32.exe [x]
R2 Wecsvc323232;Windows Event Collector ;c:\programdata\icardres32.exe [x]
R2 wercplsupport32;Problem Reports and Solutions Control Panel Support ;c:\programdata\igfxexps3232.exe [x]
R2 wercplsupport3232;Problem Reports and Solutions Control Panel Support ;c:\programdata\apss32.exe [x]
R2 wercplsupport323232;Problem Reports and Solutions Control Panel Support ;c:\programdata\atmfd32.exe [x]
R2 wercplsupport32323232;Problem Reports and Solutions Control Panel Support ;c:\programdata\NlsLexicons003e32.exe [x]
R2 WerSvc32;Windows Error Reporting Service ;c:\programdata\pku2u32.exe [x]
R2 WerSvc3232;Windows Error Reporting Service ;c:\programdata\odfox3232.exe [x]
R2 WerSvc32323232;Windows Error Reporting Service ;c:\programdata\FirewallControlPanel32.exe [x]
R2 WerSvc3232323232;Windows Error Reporting Service ;c:\programdata\wmpcm32.exe [x]
R2 WinHttpAutoProxySvc32;WinHTTP Web Proxy Auto-Discovery Service ;c:\programdata\DxpTaskSync32.exe [x]
R2 WinHttpAutoProxySvc3232;WinHTTP Web Proxy Auto-Discovery Service ;c:\programdata\mssitlb32.exe [x]
R2 Winmgmt32;Windows Management Instrumentation ;c:\programdata\iscsidsc32.exe [x]
R2 Winmgmt3232;Windows Management Instrumentation ;c:\programdata\vdmdbg32.exe [x]
R2 Winmgmt323232;Windows Management Instrumentation ;c:\programdata\adtschema32.exe [x]
R2 WinRM32;Windows Remote Management (WS-Management) ;c:\programdata\dpnaddr32.exe [x]
R2 WinRM3232;Windows Remote Management (WS-Management) ;c:\programdata\api-ms-win-core-misc-l1-1-032.exe [x]
R2 WinRM323232;Windows Remote Management (WS-Management) ;c:\programdata\mfplat32.exe [x]
R2 Wlansvc3232;WLAN AutoConfig ;c:\programdata\tapisrv32.exe [x]
R2 Wlansvc323232;WLAN AutoConfig ;c:\programdata\mssign3232.exe [x]
R2 wltrysvc32;DW WLAN Tray Service ;c:\programdata\rasmontr32.exe [x]
R2 wltrysvc3232;DW WLAN Tray Service ;c:\programdata\dmcompos32.exe [x]
R2 WMPNetworkSvc32;Windows Media Player Network Sharing Service ;c:\programdata\api-ms-win-security-base-l1-1-032.exe [x]
R2 WMPNetworkSvc3232;Windows Media Player Network Sharing Service ;c:\programdata\api-ms-win-core-io-l1-1-032.exe [x]
R2 WMPNetworkSvc323232;Windows Media Player Network Sharing Service ;c:\programdata\spwizeng32.exe [x]
R2 WPCSvc323232;Parental Controls ;c:\programdata\NlsData001a32.exe [x]
R2 WPCSvc32323232;Parental Controls ;c:\programdata\NlsData081632.exe [x]
R2 WPDBusEnum32;Portable Device Enumerator Service ;c:\programdata\KBDBE32.exe [x]
R2 WPDBusEnum3232;Portable Device Enumerator Service ;c:\programdata\negoexts32.exe [x]
R2 WPDBusEnum323232;Portable Device Enumerator Service ;c:\programdata\FXSCOM32.exe [x]
R2 WPDBusEnum32323232;Portable Device Enumerator Service ;c:\programdata\luainstall32.exe [x]
R2 wuauserv3232;Windows Update ;c:\programdata\clfsw3232.exe [x]
R2 wuauserv323232;Windows Update ;c:\programdata\wsock3232.exe [x]
R2 wuauserv32323232;Windows Update ;c:\programdata\EAPQEC32.exe [x]
R2 wudfsvc32;Windows Driver Foundation - User-mode Driver Framework ;c:\programdata\provthrd32.exe [x]
R2 wudfsvc3232;Windows Driver Foundation - User-mode Driver Framework ;c:\programdata\KBDHU132.exe [x]
R2 wudfsvc323232;Windows Driver Foundation - User-mode Driver Framework ;c:\programdata\NlsData001b32.exe [x]
R2 wudfsvc32323232;Windows Driver Foundation - User-mode Driver Framework ;c:\programdata\usbui32.exe [x]
R2 WwanSvc32;WWAN AutoConfig ;c:\programdata\console32.exe [x]
R2 WwanSvc323232;WWAN AutoConfig ;c:\programdata\pla32.exe [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-10 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSP;avast! Self Protection; [x]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe [2010-03-17 89600]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-23 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2010-03-10 355440]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2011-04-14 149032]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-17 2320920]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-01-06 3179288]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-17 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
"combofix"="c:\combofix\CF25243.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nytimes.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 129.49.7.170
FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\cfjbqc99.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10w_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10w.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\progra~2\PHAROS~1\Core\CTskMstr.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Completion time: 2011-09-09 00:42:02 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-09 04:42
.
Pre-Run: 249,241,600,000 bytes free
Post-Run: 251,485,294,592 bytes free
.
- - End Of File - - 5060DC526B64C8FBC9ED1C27948A3DE7

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:08:35 AM

Posted 09 September 2011 - 02:03 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

Driver::
AeLookupSvc32
AESTFilters32
ALG3232
ALG323232
AppIDSvc32
AppIDSvc3232
AppIDSvc323232
Appinfo32
Appinfo3232
Appinfo323232
Appinfo32323232
Apple Mobile Device32
Apple Mobile Device323232
Apple Mobile Device32323232
Apple Mobile Device3232323232
aswUpdSv32
aswUpdSv3232
AudioEndpointBuilder32
AudioEndpointBuilder323232
AudioEndpointBuilder3232323232
AudioEndpointBuilder323232323232
AudioSrv32
AudioSrv323232
AudioSrv32323232
AudioSrv3232323232
avast! Antivirus32
avast! Antivirus3232
avast! Antivirus323232
avast! Antivirus32323232
avast! Mail Scanner32
avast! Web Scanner32
avast! Web Scanner3232
avast! Web Scanner323232
avast! Web Scanner323232323232
AxInstSV32
AxInstSV3232
BDESVC32
BDESVC3232
BDESVC323232
BDESVC32323232
BDESVC3232323232
BFE32
BITS3232
Bonjour Service323232
Bonjour Service32323232
Bonjour Service3232323232
Bonjour Service323232323232
Bonjour Service32323232323232
Bonjour Service3232323232323232
Bonjour Service323232323232323232
Browser32
bthserv32
bthserv323232
bthserv32323232
btwdins32
btwdins323232
btwdins32323232
clr_optimization_v2.0.50727_323232
clr_optimization_v2.0.50727_32323232
clr_optimization_v2.0.50727_3232323232
clr_optimization_v2.0.50727_323232323232
clr_optimization_v2.0.50727_6432
clr_optimization_v4.0.30319_3232
clr_optimization_v4.0.30319_3232323232
clr_optimization_v4.0.30319_643232
clr_optimization_v4.0.30319_64323232
COMSysApp32
COMSysApp323232
COMSysApp32323232
CryptSvc323232
CryptSvc32323232
CryptSvc3232323232
defragsvc32
defragsvc323232
defragsvc32323232
defragsvc32323232323232
defragsvc3232323232323232
Dhcp32
Dnscache32
DockLoginService32
DockLoginService3232
DockLoginService323232
DPS32
DPS323232
DPS32323232
DPS3232323232
DPS323232323232
EapHost32
EapHost3232
EapHost323232
EapHost32323232
EapHost3232323232
EFS32
EFS3232
EFS323232
ehRecvr3232
ehRecvr323232
ehRecvr32323232
ehRecvr3232323232
ehRecvr323232323232
ehSched323232
ehSched3232323232
ehSched323232323232
eventlog32
eventlog3232
eventlog323232
eventlog32323232
eventlog3232323232
EventSystem32
EventSystem3232
EventSystem323232
Fax3232
fdPHost32
FDResPub32
FDResPub3232
FontCache3.0.0.032
FontCache32
FontCache3232
FontCache323232
GameConsoleService32
GameConsoleService3232
GameConsoleService323232
GameConsoleService32323232
GoToAssist32
GoToAssist3232
GoToAssist323232
GoToAssist32323232
hidserv32
hidserv32323232
hkmsvc32
hkmsvc3232
hkmsvc323232
hkmsvc323232323232
hkmsvc32323232323232
hkmsvc3232323232323232
hkmsvc323232323232323232
HomeGroupListener32
HomeGroupListener3232
IAStorDataMgrSvc32
IAStorDataMgrSvc32323232
IAStorDataMgrSvc3232323232
IAStorDataMgrSvc323232323232
idsvc32
idsvc3232
idsvc323232
IKEEXT32
IKEEXT3232
IPBusEnum32
IPBusEnum3232
IPBusEnum323232
IPBusEnum32323232
KeyIso3232
KeyIso323232
KtmRm32
LanmanServer32
LanmanServer3232
LanmanServer323232
lltdsvc32
lltdsvc3232
lltdsvc323232
lltdsvc32323232
lltdsvc3232323232
lltdsvc323232323232
lmhosts32
lmhosts3232
LMS323232
LMS32323232
MBAMService32
MBAMService3232
MBAMService323232
McMPFSvc32
mcmscsvc323232
McNaiAnn3232
McNaiAnn323232
McNaiAnn32323232
McNaiAnn3232323232
McNASvc32323232
McNASvc3232323232
McNASvc323232323232
McNASvc32323232323232
McNASvc3232323232323232
McNASvc323232323232323232
McODS32
McODS3232
McOobeSv32
McOobeSv323232
McOobeSv32323232
McOobeSv323232323232
McOobeSv32323232323232
McOobeSv3232323232323232
McOobeSv323232323232323232
McProxy32
McProxy3232
McProxy323232
Mcx2Svc32
Mcx2Svc3232
Mcx2Svc323232
Mcx2Svc32323232
mfefire32
mfefire3232
mfefire323232
mfevtp3232
mfevtp323232
mfevtp32323232
mfevtp3232323232
mfevtp323232323232
Microsoft SharePoint Workspace Audit Service32
Microsoft SharePoint Workspace Audit Service3232
Microsoft SharePoint Workspace Audit Service323232
Microsoft SharePoint Workspace Audit Service32323232
MMCSS32
MMCSS3232
MMCSS323232
MMCSS32323232
MMCSS3232323232
MpsSvc32
MpsSvc3232
MpsSvc323232
MSDTC32
MSDTC3232
MSiSCSI32
MSiSCSI323232
msiserver32
msiserver3232
msiserver323232
msiserver32323232
msiserver3232323232
msiserver323232323232
napagent3232
Netlogon32
Netman3232
netprofm32
netprofm3232
netprofm323232
NetTcpPortSharing32
NetTcpPortSharing3232
NlaSvc32
NlaSvc3232
NlaSvc323232
nsi3232
nsi323232
nsi32323232
osppsvc32
osppsvc3232
p2pimsvc32
p2pimsvc3232
p2psvc32
p2psvc3232
PcaSvc3232
PerfHost32
PerfHost3232
PerfHost323232
PerfHost32323232
Pharos Systems ComTaskMaster32
Pharos Systems ComTaskMaster3232
Pharos Systems ComTaskMaster323232
PlugPlay32
PlugPlay3232
PlugPlay323232
PNRPAutoReg32
PNRPAutoReg3232
PNRPAutoReg3232323232
PolicyAgent32
PolicyAgent323232
PolicyAgent32323232
PolicyAgent3232323232
PolicyAgent323232323232
Power32
Power3232
Power323232
Power32323232
ProfSvc32
ProfSvc32323232
ProfSvc3232323232
ProtectedStorage3232
ProtectedStorage323232
ProtectedStorage32323232
QWAVE3232
QWAVE323232
QWAVE32323232
QWAVE3232323232
QWAVE323232323232
RasAuto32
RasAuto32323232
RasMan32
RasMan3232
RemoteAccess32
RemoteAccess3232
RemoteRegistry3232
RpcEptMapper32
RpcEptMapper3232
RpcEptMapper323232
RpcLocator323232
RpcSs3232
SamSs32
SamSs3232
SamSs323232
SCardSvr32
SCardSvr3232
Schedule32
Schedule3232
Schedule32323232
Schedule3232323232
SCPolicySvc32
SCPolicySvc3232
SDRSVC32
SDRSVC32323232
SDRSVC3232323232
SDRSVC323232323232
SDRSVC32323232323232
SeaPort32
SeaPort3232
seclogon323232
seclogon32323232
SensrSvc3232
SessionEnv32
SessionEnv3232
SftService323232323232
SftService3232323232323232
SftService323232323232323232
SharedAccess3232
SharedAccess323232
SharedAccess32323232
ShellHWDetection32
ShellHWDetection3232
sppsvc3232
sppsvc323232
sppsvc32323232
sppsvc3232323232
sppuinotify32
sppuinotify3232
sprtsvc_DellSupportCenter32
SSDPSRV323232
SSDPSRV32323232
SstpSvc32323232
stisvc32
stisvc3232
swprv32
swprv3232
SysMain32
TabletInputService32
TabletInputService3232
TabletInputService323232
TabletInputService32323232
TapiSrv32
TBS32
TBS3232
TBS323232
TBS32323232
TermService32
TermService3232
Themes32
TrkWks32
TrustedInstaller32
TrustedInstaller3232
TrustedInstaller323232
TrustedInstaller32323232
TrustedInstaller3232323232
TrustedInstaller323232323232
UI0Detect32
UI0Detect323232
UI0Detect323232323232
UNS32
UNS3232
UNS323232
UNS32323232
upnphost32
upnphost32323232
upnphost323232323232
upnphost32323232323232
upnphost3232323232323232
VaultSvc3232
VaultSvc323232
VaultSvc32323232
vds32
vds3232
vds32323232
vds3232323232
VSS32
VSS3232
VSS323232
VSS32323232
VSS3232323232
VSS32323232323232
VSS3232323232323232
VSS323232323232323232
W32Time32
W32Time32323232
W32Time3232323232
WatAdminSvc32
WatAdminSvc3232
WatAdminSvc323232
wbengine32
wbengine3232
wbengine32323232
wbengine3232323232
WbioSrvc3232
WbioSrvc323232
WbioSrvc32323232
WbioSrvc323232323232
WbioSrvc32323232323232
WbioSrvc3232323232323232
wcncsvc32
wcncsvc3232
wcncsvc323232
WcsPlugInService32323232
WcsPlugInService3232323232
WcsPlugInService323232323232
WcsPlugInService32323232323232
WdiServiceHost3232
WdiSystemHost32
WdiSystemHost3232
WdiSystemHost323232
WdiSystemHost32323232
WdiSystemHost3232323232
WdiSystemHost323232323232
WdiSystemHost32323232323232
WdiSystemHost3232323232323232
WebClient3232
WebClient323232
Wecsvc32
Wecsvc3232
Wecsvc323232
wercplsupport32
wercplsupport3232
wercplsupport323232
wercplsupport32323232
WerSvc32
WerSvc3232
WerSvc32323232
WerSvc3232323232
WinHttpAutoProxySvc32
WinHttpAutoProxySvc3232
Winmgmt32
Winmgmt3232
Winmgmt323232
WinRM32
WinRM3232
WinRM323232
Wlansvc3232
Wlansvc323232
wltrysvc32
wltrysvc3232
WMPNetworkSvc32
WMPNetworkSvc3232
WMPNetworkSvc323232
WPCSvc323232
WPCSvc32323232
WPDBusEnum32
WPDBusEnum3232
WPDBusEnum323232
WPDBusEnum32323232
wuauserv3232
wuauserv323232
wuauserv32323232
wudfsvc32
wudfsvc3232
wudfsvc323232
wudfsvc32323232
WwanSvc32
WwanSvc323232


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

"information and logs"

In your next post I need the following:

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
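The service names listed in the script above share three traits that are visible in the log: the name ends in one or more repetitions of "32", the display name carries a trailing space, and the image is an .exe sitting directly in c:\programdata. The Python sketch below is an added example, not part of the thread and not how ComboFix or the helper works; it parses lines in that `state name;display;path [info]` layout and flags those showing at least two of the three traits (the signal names and the threshold of 2 are assumptions made for illustration).

```python
import re
from collections import defaultdict

# Service lines copied from the log above, plus one constructed line (the last)
# for a legitimate .NET service whose real name happens to end in "32".
SAMPLE_LOG = r"""
R2 W32Time32;Windows Time ;c:\programdata\api-ms-win-service-winsvc-l1-1-032.exe [x]
R2 W32Time32323232;Windows Time ;c:\programdata\KBDINDEV32.exe [x]
R2 WatAdminSvc32;Windows Activation Technologies Service ;c:\programdata\kbdnecnt32.exe [x]
R2 wuauserv323232;Windows Update ;c:\programdata\wsock3232.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSP;avast! Self Protection; [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2011-04-14 245352]
S3 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86;c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [x]
"""

# "R2 name;display;path [info]" -- the name may contain spaces, the path may be empty.
ENTRY_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
TAIL_RE = re.compile(r"^(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$")
# An .exe placed directly in c:\programdata, with no vendor subfolder.
ROOT_EXE_RE = re.compile(r"^c:\\programdata\\[^\\]+\.exe$", re.IGNORECASE)


def parse_line(line):
    """Return a dict for one service/driver line, or None for any other line."""
    m = ENTRY_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    tail = TAIL_RE.match(m["rest"])
    if not tail:
        return None
    return {
        "state": m["state"],
        "name": m["name"],
        "display": m["display"],  # kept unstripped: trailing space is a signal
        "path": tail["path"].strip(),
    }


def signals(entry):
    """List which of the three traits (assumed heuristics) an entry shows."""
    found = []
    if re.search(r"(?:32)+$", entry["name"]):
        found.append("name_ends_in_32")  # weak alone: some real names end in 32
    if entry["display"] != entry["display"].rstrip():
        found.append("display_trailing_space")
    if ROOT_EXE_RE.match(entry["path"]):
        found.append("exe_in_programdata_root")
    return found


def flag_entries(log_text, threshold=2):
    """Parse every line and keep entries with at least `threshold` signals."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        entry["signals"] = signals(entry)
        if len(entry["signals"]) >= threshold:
            flagged.append(entry)
    return flagged


def group_by_display(flagged):
    """Group flagged service names under the display name they imitate."""
    groups = defaultdict(list)
    for entry in flagged:
        groups[entry["display"].strip()].append(entry["name"])
    return dict(groups)


if __name__ == "__main__":
    for display, names in group_by_display(flag_entries(SAMPLE_LOG)).items():
        print(f"{display}: {len(names)} look-alike(s): {', '.join(names)}")
```

Requiring two signals keeps a real service such as the constructed clr_optimization line, which matches only the name pattern, out of the result.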

#13 gringo_pr

Posted 13 September 2011 - 11:03 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#14 kvnb

Posted 15 September 2011 - 06:54 PM

Ok, I'm going to run it now.

#15 kvnb

Posted 15 September 2011 - 07:03 PM

When I tried to run Combofix, it told me that my McAfee real time scanner was running even though I turned it off. I proceeded anyway, and it said that Combofix was out of date and asked me whether I should run it in reduced functionality mode or quit. I quit because I figured it would be better to be safe than sorry. How should I proceed?



